From 5cdc00d6e61463d81479ea444c93c40060605f76 Mon Sep 17 00:00:00 2001
From: Kay Sievers
Date: Oct 01 2014 18:13:26 +0000
Subject: Revert "don't reset selinux context during CHANGE events"
This reverts commit 9a5afe8dab79b3031f5448517b76bf16f0b0779a. We must not diconnect selinux label application from udev's primary device node permission handling. They are all applied by udev at the same time or not applied at all. External tools which mangle device node permissions must not install rules to instruct udev to manage the permissions, they can *own* the device nodes but need to call chmod()/chown() themselves.
---
diff --git a/0001-udev-set-default-selinux-label-only-at-add-events.patch b/0001-udev-set-default-selinux-label-only-at-add-events.patch
deleted file mode 100644
index c730ee5..0000000
--- a/0001-udev-set-default-selinux-label-only-at-add-events.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9a1121532e361c23bc632acc81fa0767e937a507 Mon Sep 17 00:00:00 2001
-From: Federico Simoncelli
-Date: Tue, 30 Sep 2014 13:01:49 +0000
-Subject: [PATCH] udev: set default selinux label only at "add" events
-
----
- src/udev/udev-node.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
-index d42af9a..ae117a0 100644
---- a/src/udev/udev-node.c
-+++ b/src/udev/udev-node.c
-@@ -314,7 +314,7 @@ static int node_permissions_apply(struct udev_device *dev, bool apply,
- }
-
- /* set the defaults */
-- if (!selinux)
-+ if (!selinux && streq(udev_device_get_action(dev), "add"))
- label_fix(devnode, true, false);
- if (!smack)
- smack_label_path(devnode, NULL);
---
-1.8.3.1
-
diff --git a/systemd.spec b/systemd.spec
index a6909ea..3fbaa58 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -16,7 +16,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 216 -Release: 7%{?gitcommit:.git%{gitcommit}}%{?dist} +Release: 8%{?gitcommit:.git%{gitcommit}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager @@ -58,9 +58,6 @@ Patch0011: 0011-Revert-timesyncd-remove-retry_timer-logic-which-is-c.patch # kernel-install patch for grubby, drop if grubby is obsolete Patch1000: kernel-install-grubby.patch -# temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1147910 -Patch1001: 0001-udev-set-default-selinux-label-only-at-add-events.patch - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} BuildRequires: libcap-devel @@ -817,6 +814,9 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd %{_datadir}/systemd/gatewayd %changelog +* Wed Oct 01 2014 Kay Sievers - 216-8 +- revert "don't reset selinux context during CHANGE events" + * Wed Oct 01 2014 Lukáš Nykrýn - 216-7 - add temporary workaround for #1147910 - don't reset selinux context during CHANGE events