[Re: [oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for initiatorname.iscsi] On 15.03.04 (Wed 15:25) wenzong fan wrote:
> On 02/12/2015 10:17 AM, Joe MacDonald wrote: > >Hey Wenzong, > > > >[[oe] [PATCH][meta-networking] iscsi-initiator-utils: fix SELinux label for > >initiatorname.iscsi] On 15.02.04 (Wed 17:33) [email protected] wrote: > > > >>From: Wenzong Fan <[email protected]> > >> > >>* /etc/iscsi/initiatorname.iscsi: etc_runtime_t -> etc_t > >> > >>This config file was created by postinstall or initscript, fix SELinux > >>label for it to remove: > >> > >> avc: denied { read } for pid=6094 comm="iscsid" \ > >> name="initiatorname.iscsi" dev="sda3" ino=1057846 \ > >> scontext=system_u:system_r:iscsid_t:s0-s15:c0.c1023 \ > >> tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file > > > >Since this is an issue that only shows up when you have SELinux on your > >system and since it is tweaking a file that is manually installed by a > >do_install() in iscsi-initiator-utils, could you re-work this as a > >bbappend in meta-selinux? > > Hi Joe, > > This make sense, but there's an issue that meta-networking is not > depended by meta-selinux, adding a bbappend may block the building > of meta-selinux & oe-core only. > > Any suggestions about that? As a matter of fact, we just addressed that with d382d54f0a9a913791fca1d7f61e87fcfd32842b in meta-selinux a couple of weeks back. There is still a mistake in that, but Philip has a patch for it that I'm integrating now, but the core idea works. So your patch would go into a networking-layer/ hierarchy in meta-selinux/ and then it would either be picked up if meta-networking is included or ignored in the meta-selinux+oe-core-only scenario. -J. > > Thanks > Wenzong > > > > >-J. > > > >> > >>Signed-off-by: Wenzong Fan <[email protected]> > >>--- > >> .../recipes-daemons/iscsi-initiator-utils/files/initd.debian | 4 > >> ++++ > >> 1 file changed, 4 insertions(+) > >> > >>diff --git > >>a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian > >>b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian > >>index 99a7638..43fb348 100644 > >>--- > >>a/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian > >>+++ > >>b/meta-networking/recipes-daemons/iscsi-initiator-utils/files/initd.debian > >>@@ -39,6 +39,10 @@ start() { > >> InitiatorName=$INITIATORNAME > >> EOF > >> fi > >>+ > >>+ # Fix label for /etc/iscsi/initiatorname.iscsi if SELinux was enabled > >>+ test ! -x /sbin/restorecon || /sbin/restorecon -F > >>/etc/iscsi/initiatorname.iscsi > >>+ > >> start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON > >> RETVAL=$? > >> starttargets > >>-- > >>1.9.1 > >> -- -Joe MacDonald. :wq
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
