diff --git a/0042-use-non-raw-selinux-api-replace-raws.patch b/0042-use-non-raw-selinux-api-replace-raws.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fad31b61ee729012a076d55125c5f76953b15848
--- /dev/null
+++ b/0042-use-non-raw-selinux-api-replace-raws.patch
@@ -0,0 +1,67 @@
+From 2021c2c41089873db6fd6a4a7a2968e6b78dc5d8 Mon Sep 17 00:00:00 2001
+From: haozi007
+Date: Fri, 22 Apr 2022 07:33:32 +0100
+Subject: [PATCH] use non-raw selinux api replace raws
+
+Signed-off-by: haozi007
+---
+ configure.ac | 4 ++--
+ src/lxc/lsm/selinux.c | 8 ++++----
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 7766638..a77edb7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -297,12 +297,12 @@ AC_ARG_ENABLE([selinux],
+ [enable_selinux=$enableval], [enable_selinux=auto])
+
+ if test "x$enable_selinux" = xauto; then
+- AC_CHECK_LIB([selinux],[setexeccon_raw],[enable_selinux=yes],[enable_selinux=no])
++ AC_CHECK_LIB([selinux],[setexeccon],[enable_selinux=yes],[enable_selinux=no])
+ fi
+ AM_CONDITIONAL([ENABLE_SELINUX], [test "x$enable_selinux" = "xyes"])
+ AM_COND_IF([ENABLE_SELINUX],
+ [AC_CHECK_HEADER([selinux/selinux.h],[],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])])
+- AC_CHECK_LIB([selinux], [setexeccon_raw],[true],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])])
++ AC_CHECK_LIB([selinux], [setexeccon],[true],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])])
+ AC_SUBST([SELINUX_LIBS], [-lselinux])])
+
+ # Seccomp syscall filter
+diff --git a/src/lxc/lsm/selinux.c b/src/lxc/lsm/selinux.c
+index 0a1e205..9bb32e3 100644
+--- a/src/lxc/lsm/selinux.c
++++ b/src/lxc/lsm/selinux.c
+@@ -39,7 +39,7 @@ static char *selinux_process_label_get(pid_t pid)
+ char *ctx;
+ char *label;
+
+- if (getpidcon_raw(pid, &ctx) < 0) {
++ if (getpidcon(pid, &ctx) < 0) {
+ SYSERROR("failed to get SELinux context for pid %d", pid);
+ return NULL;
+ }
+@@ -75,9 +75,9 @@ static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf,
+ return 0;
+
+ if (on_exec)
+- ret = setexeccon_raw((char *)label);
++ ret = setexeccon((char *)label);
+ else
+- ret = setcon_raw((char *)label);
++ ret = setcon((char *)label);
+ if (ret < 0) {
+ SYSERROR("Failed to set SELinux%s context to \"%s\"",
+ on_exec ? " exec" : "", label);
+@@ -347,7 +347,7 @@ static int selinux_relabel(const char *path, const char *label, bool shared)
+ */
+ static int selinux_keyring_label_set(char *label)
+ {
+- return setkeycreatecon_raw(label);
++ return setkeycreatecon(label);
+ };
+
+ static struct lsm_drv selinux_drv = {
+--
+2.20.1
+
diff --git a/lxc.spec b/lxc.spec
index d8504d675e3298fc6aab79b65d29305bd3024971..46a445e08a0b27ad6b169aebae9ddcc573b91b4c 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2022041501
+%global _release 2022042201
 Name: lxc
 Version: 4.0.3
@@ -49,6 +49,7 @@ Patch0038: 0038-just-print-error-when-new-lock-failed.patch
 Patch0039: 0039-fix-bug-of-memory-free.patch
 Patch0040: 0040-refactor-the-way-to-convert-selinux-label-to-shared.path
 Patch0041: 0041-do-not-free-the-pointer-returned-by-dirname.patch
+Patch0042: 0042-use-non-raw-selinux-api-replace-raws.patch
 BuildRequires: systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires: pkgconfig(libseccomp)
@@ -220,6 +221,12 @@ make check
 %{_mandir}/*/man7/%{name}*
 %changelog
+* Fri Apr 15 2022 wujing - 4.0.3-2022042201
+- Type:refactor
+- ID:NA
+- SUG:NA
+- DESC: use non-raw selinux api replace raws
+
 * Fri Apr 15 2022 wujing - 4.0.3-2022041501
 - Type:refactor
 - ID:NA
diff --git a/series.conf b/series.conf
index 7c6011f61f8a46766e2b7f43ef2e48280c24f194..9d534086367a80d146f50662c1f72c3071bca41e 100644
--- a/series.conf
+++ b/series.conf
@@ -39,3 +39,4 @@
 0039-fix-bug-of-memory-free.patch
 0040-refactor-the-way-to-convert-selinux-label-to-shared.path
 0041-do-not-free-the-pointer-returned-by-dirname.patch
+0042-use-non-raw-selinux-api-replace-raws.patch
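Review bot: The switch to `getpidcon`, `setexeccon`, `setcon` and `setkeycreatecon` in the src/lxc/lsm/selinux.c part of the added 0042 patch is a behaviour change rather than a refactor, and nothing in the patch description or the spec changelog (`Type:refactor`) records why it is wanted. Unlike the `_raw` variants, the non-raw libselinux calls run the context through the context-translation service (mcstrans) when one is reachable, so `selinux_process_label_get` may now return a translated string and the setters translate their input before applying it. The call sites lie outside these hunks, so it is not visible whether `selinux_process_label_set` can run after the process has switched to the container's filesystem view, where a translation service would not be the host's; that is worth confirming before relying on the result. I would state the intent next to the calls, for example `/* non-raw on purpose: labels may arrive in translated (mcstrans) form; must be called while the host's translation service is the one in view */`, and check that any `_raw` calls left in this file (possibly in `selinux_relabel`, whose body is not shown) stay consistent with that choice.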