[systemd-devel] [PATCH] sysusers: Preserve label of /etc/{passwd, group}

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Mon Jul 21 06:46:10 PDT 2014


On Mon, Jul 21, 2014 at 10:26:20AM +0200, Miroslav Grepl wrote:
> On 07/13/2014 10:35 PM, Colin Walters wrote:
> >On Sat, Jul 12, 2014, at 06:48 AM, Zbigniew Jędrzejewski-Szmek wrote:
> >>please excuse my possibly ignorant questions, selinux is not my forte.
> >>If the files are nonexistent, will this fail? But sysusers should be
> >>able to create /etc from scratch.
> >True, fixed.
> >
> >>Why cannot the same code as in write_string_file_atomic_label be used
> >>instead?
> >We're writing more than one line, and in addition we need to look up the
> >label for /etc/passwd even if we're operating on a chroot.
> >>BTW, you're returning -1 here, but should be -errno.
> >This code is gone now; new patch attached.
> >
> # ls -Z /etc/passwd* /etc/group*
> 
> with this patch?
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/group
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/passwd

Zbyszek

