nm-manager: fix selinux label for dhclient lease file from initramfs
When a lease file is moved from the initramfs directory to the NetworkManager
run directory, the SELinux label of that file retains the tmpfs_t type.
Fix it by using sendfile() instead of rename(). That way, the
lease file will have the default type: NetworkManager_var_run_t.
Since we take ownership of the lease file, also drop it from the
old location.
* Before the patch:
ls -Z /var/run/NetworkManager/dhclient-*.lease
system_u:object_r:tmpfs_t:s0 dhclient-13162c00-abfb-4e28-bbfb-170187ddd044-ens3.lease
* After:
ls -Z /var/run/NetworkManager/dhclient-*.lease
system_u:object_r:NetworkManager_var_run_t:s0 dhclient-f47d1908-67ae-49c6-bd5e-19a690d85526-ens3.lease
Fixes: f2fe6c03ee
('manager: don't treat the initramfs-configured DHCP connections as generated')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/353

committed by
Thomas Haller

parent
53b74bc614
commit
ce1f9e6eb9
@@ -11,6 +11,10 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/sendfile.h>
|
||||||
|
#include <limits.h>
|
||||||
|
|
||||||
#include "nm-glib-aux/nm-c-list.h"
|
#include "nm-glib-aux/nm-c-list.h"
|
||||||
|
|
||||||
@@ -2691,6 +2695,31 @@ get_existing_connection (NMManager *self,
|
|||||||
return added;
|
return added;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static gboolean
|
||||||
|
copy_lease (const char *src, const char *dst)
|
||||||
|
{
|
||||||
|
int src_fd, dst_fd;
|
||||||
|
ssize_t res, size = SSIZE_MAX;
|
||||||
|
|
||||||
|
src_fd = open (src, O_RDONLY|O_CLOEXEC);
|
||||||
|
if (src_fd < 0)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
dst_fd = open (dst, O_CREAT|O_EXCL|O_CLOEXEC|O_WRONLY, 0644);
|
||||||
|
if (dst_fd < 0) {
|
||||||
|
close (src_fd);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
while ((res = sendfile (dst_fd, src_fd, NULL, size)) > 0)
|
||||||
|
size -= res;
|
||||||
|
|
||||||
|
close (src_fd);
|
||||||
|
close (dst_fd);
|
||||||
|
|
||||||
|
return !res;
|
||||||
|
}
|
||||||
|
|
||||||
static gboolean
|
static gboolean
|
||||||
recheck_assume_connection (NMManager *self,
|
recheck_assume_connection (NMManager *self,
|
||||||
NMDevice *device)
|
NMDevice *device)
|
||||||
@@ -2732,7 +2761,8 @@ recheck_assume_connection (NMManager *self,
|
|||||||
nm_settings_connection_get_uuid (sett_conn),
|
nm_settings_connection_get_uuid (sett_conn),
|
||||||
nm_device_get_iface (device));
|
nm_device_get_iface (device));
|
||||||
|
|
||||||
if (rename (initramfs_lease, connection_lease) == 0) {
|
if (copy_lease (initramfs_lease, connection_lease)) {
|
||||||
|
unlink (initramfs_lease);
|
||||||
/*
|
/*
|
||||||
* We've managed to steal the lease used by initramfs before it
|
* We've managed to steal the lease used by initramfs before it
|
||||||
* killed off the dhclient. We need to take ownership of the configured
|
* killed off the dhclient. We need to take ownership of the configured
|
||||||
|
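Review bot: In copy_lease(), when sendfile() fails part-way (`res < 0`) the function returns FALSE but leaves the partially written destination file in place. Because dst is opened with `O_CREAT|O_EXCL`, a later attempt for the same path would then fail at open(), and the truncated lease stays in the run directory; consider `if (res != 0) unlink (dst);` just before `return !res;`. The new file is also created with mode `0644` rather than keeping the source file's mode as rename() did, so it is worth confirming that a world-readable lease is intended. A short comment above the function, e.g. `/* Copy instead of rename() so the file is created in the run directory and gets its default SELinux type. */`, would stop a later cleanup from switching back to rename().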