Hi Openembedded/Khem,

Is there any update on this patch?
Could you please let me know?

Thanks & Regards,
Purushottam

________________________________
From: Purushottam Choudhary <[email protected]>
Sent: Wednesday, November 4, 2020 4:04 PM
To: [email protected] <[email protected]>; [email protected] <[email protected]>
Cc: Nisha Parrakat <[email protected]>; Anuj Chougule <[email protected]>; Aditya Tayade <[email protected]>
Subject: [poky][master][PATCH] systemd: selinux hook handling to enumerate nexthop

When selinux is enabled, the call of manager_rtnl_enumerate_nexthop() fails.

This fix is to facilitate selinux hook handling for enumerating nexthop.

In manager_rtnl_enumerate_nexthop() there is a check if "Not supported" is returned by the send_netlink() call.

This check expects that -EOPNOTSUPP is returned, the selinux hook seems to return -EINVAL instead.

This happens in kernel older than 5.3 (more specifically torvalds/linux@65ee00a) as it does not support nexthop handling through netlink.

And if SELinux is enforced in the older kernel, calling RTM_GETNEXTHOP returns -EINVAL.

Thus adding a call in the manager_rtnl_enumerate_nexthop for the extra return -EINVAL.

Note: systemd version is different in yocto project (v246.6) and systemd master (v247), and in systemd version (246.6) mac_selinux_enforcing() function is not declared and defined.

Signed-off-by: Purushottam choudhary <[email protected]>
--- ...elinux-hook-handling-to-enumerate-nexthop.patch | 46 ++++++++++++++++++++++ meta/recipes-core/systemd/systemd_246.6.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch diff --git a/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch new file mode 100644 index 0000000..b1c92ed --- /dev/null +++ b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch 
@@ -0,0 +1,46 @@ +From 92b555aaabf710e0a672a7244e8c0e3963075133 Mon Sep 17 00:00:00 2001 +From: Purushottam choudhary <[email protected]> +Date: Wed, 28 Oct 2020 22:11:49 +0530 +Subject: [PATCH] network: selinux hook handling to enumerate nexthop + +When selinux is enabled, the call of +manager_rtnl_enumerate_nexthop() fails. + +This fix is to facilitate selinux hook handling for enumerating +nexthop. + +In manager_rtnl_enumerate_nexthop() there is a check +if "Not supported" is returned by the send_netlink() call. + +This check expects that -EOPNOTSUPP is returned, +the selinux hook seems to return -EINVAL instead. + +This happens in kernel older than 5.3 +(more specificallytorvalds/linux@65ee00a) as it does not support +nexthop handling through netlink. + +And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP +returns -EINVAL. + +Thus adding a call in the manager_rtnl_enumerate_nexthop for the +extra return -EINVAL. + +Upstream-Status: Backport +https://github.com/systemd/systemd/commit/92b555aaabf710e0a672a7244e8c0e3963075133 +--- + src/network/networkd-manager.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c +index a6c1a39..2a9be85 100644 +--- a/src/network/networkd-manager.c ++++ b/src/network/networkd-manager.c +@@ -2121,7 +2121,7 @@ int manager_rtnl_enumerate_nexthop(Manager *m) { + + r = sd_netlink_call(m->rtnl, req, 0, &reply); + if (r < 0) { +- if (r == -EOPNOTSUPP) { ++ if (r == -EOPNOTSUPP || r == -EINVAL) { + log_debug("Nexthop are not supported by the kernel. Ignoring."); + return 0; + } diff --git a/meta/recipes-core/systemd/systemd_246.6.bb b/meta/recipes-core/systemd/systemd_246.6.bb index 9215adf..78990f4 100644 --- a/meta/recipes-core/systemd/systemd_246.6.bb +++ b/meta/recipes-core/systemd/systemd_246.6.bb 
@@ -21,6 +21,7 @@ SRC_URI += "file://touchscreen.rules \ file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0003-implment-systemd-sysv-install-for-OE.patch \ file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \ + file://selinux-hook-handling-to-enumerate-nexthop.patch \ " # patches needed by musl -- 2.7.4 This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.
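Review bot: In the networkd-manager.c hunk of the embedded patch, `r == -EINVAL` is accepted unconditionally, so every invalid-argument failure from sd_netlink_call() is logged at debug level as "Nexthop are not supported by the kernel. Ignoring." and returns 0, not only the SELinux case on pre-5.3 kernels that the commit message describes. The cover note says mac_selinux_enforcing() is not declared in 246.6, which suggests the condition is not identical to the commit the Upstream-Status: Backport line points at; please state in the patch header what was changed relative to that commit and why, and add a short comment above the condition explaining why -EINVAL is treated as "not supported". The header inside the new patch file also carries no Signed-off-by line, and its text has run-together words ("specificallytorvalds", "callingRTM_GETNEXTHOP") that are worth fixing before merge.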
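Review bot: The new SRC_URI entry in systemd_246.6.bb, `file://selinux-hook-handling-to-enumerate-nexthop.patch`, has no sequence prefix, while the neighbouring entries keep their git format-patch names (`0001-binfmt-...`, `0003-implment-...`, `0001-systemd.pc.in-...`). Keeping the numbered file name that git format-patch generates for this commit would match the surrounding entries and make the patch easier to trace back to its subject line.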
View/Reply Online (#144496): https://lists.openembedded.org/g/openembedded-core/message/144496
