diff options
| author | Alexey Kodanev <alexey.kodanev@oracle.com> | 2019-12-03 19:00:42 +0300 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2019-12-11 09:58:45 +0100 |
| commit | ce1f9e6eb9e4aa72e9954d58d20ca11634f6fd92 (patch) | |
| tree | 8caca751d894dbf55eeee588e6756a79a3e5eec6 | |
| parent | 53b74bc6148b8001b4dcec700d2fc65de41679aa (diff) | |
| download | NetworkManager-ce1f9e6eb9e4aa72e9954d58d20ca11634f6fd92.tar.gz | |
nm-manager: fix selinux label for dhclient lease file from initramfs
When moving a lease file from initramfs directory to NetworkManager
run directory, SELinux label for that file retains tmpfs_t type.
Fix it by using sendfile() instead of rename(). That way, the
lease file will have the default type: NetworkManager_var_run_t.
Since we take ownership of the lease file, also drop it from the
old location.
* Before the patch:
ls -Z /var/run/NetworkManager/dhclient-*.lease
system_u:object_r:tmpfs_t:s0 dhclient-13162c00-abfb-4e28-bbfb-170187ddd044-ens3.lease
* After:
ls -Z /var/run/NetworkManager/dhclient-*.lease
system_u:object_r:NetworkManager_var_run_t:s0 dhclient-f47d1908-67ae-49c6-bd5e-19a690d85526-ens3.lease
Fixes: f2fe6c03ee3f ('manager: don't treat the initramfs-configured DHCP connections as generated')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/353
| -rw-r--r-- | src/nm-manager.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/src/nm-manager.c b/src/nm-manager.c index 808c6538cf..493c665792 100644 --- a/src/nm-manager.c +++ b/src/nm-manager.c @@ -11,6 +11,10 @@ #include <stdlib.h> #include <fcntl.h> #include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/sendfile.h> +#include <limits.h> #include "nm-glib-aux/nm-c-list.h" @@ -2692,6 +2696,31 @@ get_existing_connection (NMManager *self, } static gboolean +copy_lease (const char *src, const char *dst) +{ + int src_fd, dst_fd; + ssize_t res, size = SSIZE_MAX; + + src_fd = open (src, O_RDONLY|O_CLOEXEC); + if (src_fd < 0) + return FALSE; + + dst_fd = open (dst, O_CREAT|O_EXCL|O_CLOEXEC|O_WRONLY, 0644); + if (dst_fd < 0) { + close (src_fd); + return FALSE; + } + + while ((res = sendfile (dst_fd, src_fd, NULL, size)) > 0) + size -= res; + + close (src_fd); + close (dst_fd); + + return !res; +} + +static gboolean recheck_assume_connection (NMManager *self, NMDevice *device) { @@ -2732,7 +2761,8 @@ recheck_assume_connection (NMManager *self, nm_settings_connection_get_uuid (sett_conn), nm_device_get_iface (device)); - if (rename (initramfs_lease, connection_lease) == 0) { + if (copy_lease (initramfs_lease, connection_lease)) { + unlink (initramfs_lease); /* * We've managed to steal the lease used by initramfs before it * killed off the dhclient. We need to take ownership of the configured |