diff --git a/0005-lsm-use-the-user-provided-lsm-label.patch b/0005-lsm-use-the-user-provided-lsm-label.patch new file mode 100644 index 0000000000000000000000000000000000000000..889baaa268f10139511054f124e39cb9fffe4d19 --- /dev/null +++ b/0005-lsm-use-the-user-provided-lsm-label.patch @@ -0,0 +1,30 @@ +From ed6374b48c5923bca53d760ac6f04a2817236407 Mon Sep 17 00:00:00 2001 +From: Adrian Reber +Date: Thu, 6 Feb 2025 11:07:17 +0100 +Subject: [PATCH] lsm: use the user provided lsm label + +Currently CRIU has the possibility to specify a LSM label during +restore. Unfortunately the information is completely ignored in the case +of SELinux. + +This change selects the lsm label from the user if it is provided and +else the label from the checkpoint image is used. + +Signed-off-by: Adrian Reber +--- + criu/lsm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/criu/lsm.c b/criu/lsm.c +index d1b73cc79e..70b66d42ee 100644 +--- a/criu/lsm.c ++++ b/criu/lsm.c +@@ -370,7 +370,7 @@ int render_lsm_profile(char *profile, char **val) + case LSMTYPE__APPARMOR: + return render_aa_profile(val, profile); + case LSMTYPE__SELINUX: +- if (asprintf(val, "%s", profile) < 0) { ++ if (asprintf(val, "%s", opts.lsm_supplied ? opts.lsm_profile : profile) < 0) { + *val = NULL; + return -1; + } diff --git a/criu.spec b/criu.spec index f84ab3d9cd74576b1fd016c59cc357eeaa43c509..af61d98db227acdfa6f2784520d3bd5ef20847f7 100644 --- a/criu.spec +++ b/criu.spec @@ -1,6 +1,6 @@ Name: criu Version: 3.19 -Release: 5 +Release: 6 Provides: crtools = %{version}-%{release} Obsoletes: crtools <= 1.0-2 Summary: A tool of Checkpoint/Restore in User-space @@ -20,6 +20,7 @@ Patch1: 0001-criu-dump-and-restore-cpu-affinity-of-each-thread.patch Patch2: 0002-Add-sys_sched_setaffinity-define-for-loongarch64.patch Patch3: 0003-chore-support-building-without-network.patch Patch4: 0004-criu-fix-log_keep_err-signal-deadlock.patch +Patch5: 0005-lsm-use-the-user-provided-lsm-label.patch %description Checkpoint/Restore in Userspace(CRIU),is a software tool for the linux operating system. @@ -105,6 +106,9 @@ chmod 0755 %{buildroot}/run/%{name}/ %doc %{_mandir}/man1/{compel.1*,crit.1*,criu-ns.1*,criu-amdgpu-plugin.1*} %changelog +* Mon Apr 21 2025 maxin - 3.19-6 +- lsm: use the user provided lsm label + * Fri Apr 18 2025 maxin - 3.19-5 - fix log_keep_err signal deadlock