Re: [oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi

Tue, 03 Mar 2015 23:27:07 -0800 

On 02/12/2015 10:17 AM, Joe MacDonald wrote:

Hey Wenzong,

[[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for 
initiatorname.iscsi] On 15.02.04 (Wed 17:33) [email protected] wrote:


From: Wenzong Fan <[email protected]>

* /etc/iscsi/initiatorname.iscsi: etc_runtime_t -> etc_t

This config file was created by postinstall or initscript, fix SELinux
label for it to remove:

   avc: denied { read } for pid=6094 comm="iscsid" \
   name="initiatorname.iscsi" dev="sda3" ino=1057846 \
   scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \
   tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file


Since this is an issue that only shows up when you have SELinux on your
system and since it is tweaking a file that is manually installed by a
do_install() in iscsi-initiator-utils, could you re-work this as a
bbappend in meta-selinux?


Hi Joe,
This make sense, but there's an issue that meta-networking is not depended by meta-selinux, adding a bbappend may block the building of meta-selinux & oe-core only. 

Any suggestions about that?

Thanks
Wenzong



-J.



Signed-off-by: Wenzong Fan <[email protected]>
---
  .../recipes-daemons/iscsi-initiator-utils/files/initd.debian          | 4 ++++
  1 file changed, 4 insertions(+)

diff --git 
a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian 
b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
index 99a7638..43fb348 100644
--- a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
+++ b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian
@@ -39,6 +39,10 @@ start() {
  InitiatorName=$INITIATORNAME
  EOF
        fi
+
+       # Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled
+       test ! -x /sbin/restorecon || /sbin/restorecon -F 
/etc/iscsi/initiatorname.iscsi
+
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON
        RETVAL=$?
        starttargets
--
1.9.1


--
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Reply via email to