From ce1f9e6eb9e4aa72e9954d58d20ca11634f6fd92 Mon Sep 17 00:00:00 2001 From: Alexey Kodanev Date: Tue, 3 Dec 2019 19:00:42 +0300 Subject: [PATCH] nm-manager: fix selinux label for dhclient lease file from initramfs When moving a lease file from initramfs directory to NetworkManager run directory, SELinux label for that file retains tmpfs_t type. Fix it by using sendfile() instead of rename(). That way, the lease file will have the default type: NetworkManager_var_run_t. Since we take ownership of the lease file, also drop it from the old location. * Before the patch: ls -Z /var/run/NetworkManager/dhclient-*.lease system_u:object_r:tmpfs_t:s0 dhclient-13162c00-abfb-4e28-bbfb-170187ddd044-ens3.lease * After: ls -Z /var/run/NetworkManager/dhclient-*.lease system_u:object_r:NetworkManager_var_run_t:s0 dhclient-f47d1908-67ae-49c6-bd5e-19a690d85526-ens3.lease Fixes: f2fe6c03ee3f ('manager: don't treat the initramfs-configured DHCP connections as generated') https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/353
---
 src/nm-manager.c | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/nm-manager.c b/src/nm-manager.c
index 808c6538c..493c66579 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -11,6 +11,10 @@
 #include
 #include
 #include
+#include
+#include
+#include
+#include
 
 #include "nm-glib-aux/nm-c-list.h"
 
@@ -2691,6 +2695,31 @@ get_existing_connection (NMManager *self,
 return added;
 }
 
+static gboolean
+copy_lease (const char *src, const char *dst)
+{
+ int src_fd, dst_fd;
+ ssize_t res, size = SSIZE_MAX;
+
+ src_fd = open (src, O_RDONLY|O_CLOEXEC);
+ if (src_fd < 0)
+ return FALSE;
+
+ dst_fd = open (dst, O_CREAT|O_EXCL|O_CLOEXEC|O_WRONLY, 0644);
+ if (dst_fd < 0) {
+ close (src_fd);
+ return FALSE;
+ }
+
+ while ((res = sendfile (dst_fd, src_fd, NULL, size)) > 0)
+ size -= res;
+
+ close (src_fd);
+ close (dst_fd);
+
+ return !res;
+}
+
 static gboolean
 recheck_assume_connection (NMManager *self,
 NMDevice *device)
@@ -2732,7 +2761,8 @@ recheck_assume_connection (NMManager *self,
 nm_settings_connection_get_uuid (sett_conn),
 nm_device_get_iface (device));
 
- if (rename (initramfs_lease, connection_lease) == 0) {
+ if (copy_lease (initramfs_lease, connection_lease)) {
+ unlink (initramfs_lease);
 /*
 * We've managed to steal the lease used by initramfs before it
 * killed off the dhclient. We need to take ownership of the configured
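Review bot: When sendfile() fails, `copy_lease` returns FALSE but leaves the partially written file at `dst`, so a truncated lease stays in the run directory. Because the destination is opened with `O_EXCL`, every later attempt then fails on that leftover file. Remove the destination on the failure path before returning, e.g. `if (res != 0) unlink (dst);`. `O_EXCL` also means a lease left over from an earlier run is no longer replaced the way rename() replaced it; if that is intended, a short comment above the `open (dst, ...)` call should say so. The return value of `close (dst_fd)` is ignored as well, so a write error reported at close time would go unnoticed.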
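Review bot: The `copy_lease (...)` followed by `unlink (initramfs_lease)` is not atomic the way the replaced rename() was, and the result of the unlink is ignored. The comment just below says the lease is taken before initramfs has killed dhclient, so presumably the file can still be rewritten after the copy, and that update would be discarded by the unlink. If this window is acceptable, record it next to the call, e.g. `/* copy, not rename(): the new file gets the run directory's default SELinux type; anything written to the old file after the copy is lost */`. A failed unlink should also be logged so that a stale initramfs lease is noticed. The enclosing block of recheck_assume_connection continues past the end of the hunk.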