Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package busybox for openSUSE:Factory checked
in at 2025-08-14 11:36:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/busybox (Old)
and /work/SRC/openSUSE:Factory/.busybox.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "busybox"
Thu Aug 14 11:36:09 2025 rev:93 rq:1299220 version:1.37.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/busybox/busybox.changes 2025-08-06
14:31:18.415048765 +0200
+++ /work/SRC/openSUSE:Factory/.busybox.new.1085/busybox.changes
2025-08-14 11:36:16.851975615 +0200
@@ -1,0 +2,13 @@
+Mon Aug 11 14:37:07 UTC 2025 - Fabian Vogt <fv...@suse.com>
+
+- Add patch to fix adduser inside containers on an SELinux host
+ (boo#1247779):
+ * 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
+
+-------------------------------------------------------------------
+Mon Aug 11 13:15:36 UTC 2025 - Fabian Vogt <fv...@suse.com>
+
+- Don't throw debug info away during build, let RPM separate it
+ afterwards
+
+-------------------------------------------------------------------
New:
----
0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
----------(New B)----------
New: (boo#1247779):
* 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ busybox.spec ++++++
--- /var/tmp/diff_new_pack.CBKhI1/_old 2025-08-14 11:36:17.556005033 +0200
+++ /var/tmp/diff_new_pack.CBKhI1/_new 2025-08-14 11:36:17.560005199 +0200
@@ -55,6 +55,8 @@
Patch9:
busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
Patch10:
busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
Patch11:
busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
+# PATCH-FIX-UPSTREAM - Fix adduser inside containers (boo#1247779)
+Patch12: 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
# other patches
Patch100: busybox.install.patch
@@ -124,6 +126,8 @@
export CFLAGS="%{optflags} -fPIC -fno-strict-aliasing -I/usr/include/tirpc"
export CC="gcc"
export HOSTCC=gcc
+# Keep debug info, we take care of stripping ourselves
+export SKIP_STRIP=y
%if %{with static}
cat %{SOURCE3} %{SOURCE2} > .config
%make_build -e oldconfig
++++++ 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch ++++++
>From cd887910c75f1204056173750fcd6ae607b9f215 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fv...@suse.de>
Date: Mon, 11 Aug 2025 16:09:10 +0200
Subject: [PATCH] update_passwd: Avoid selinux_preserve_fcontext if SELinux is
disabled
Inside containers, it's possible that files have labels but otherwise
SELinux is effectively disabled/hidden (no config or /sys/fs/selinux).
In that setup, fgetfilecon succeeds but setfscreatecon fails.
Just skip all of that if SELinux is disabled.
This fixes the following error when running adduser inside a container:
adduser: can't set default file creation context to
system_u:object_r:container_file_t:s0:c292,c451: Permission denied
Signed-off-by: Fabian Vogt <fv...@suse.de>
---
libbb/update_passwd.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index a228075cc..186ebd122 100644
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -133,7 +133,10 @@ int FAST_FUNC update_passwd(const char *filename,
}
old_fd = fileno(old_fp);
- selinux_preserve_fcontext(old_fd);
+#if ENABLE_SELINUX
+ if (is_selinux_enabled() > 0)
+ selinux_preserve_fcontext(old_fd);
+#endif
/* Try to create "/etc/passwd+". Wait if it exists. */
i = 30;
--
2.50.1
