[Rpm-maint] [rpm-software-management/rpm] Bug feedback: When rpm-plugin-selinux and rpm --root are used at the same time, the selinux status of the new directory cannot be correctly recognized (Issue #2400)
kiraskyler
notifications at github.com
Mon Feb 27 01:48:23 UTC 2023
https://github.com/rpm-software-management/rpm/blob/master/plugins/selinux.c
```
static rpmRC sehandle_init(int open_status)
{
    const char * path = selinux_file_context_path();
    struct selinux_opt opts[] = {
        { .type = SELABEL_OPT_PATH, .value = path }
    };

    if (path == NULL)
        return RPMRC_FAIL;

    if (open_status) {
        selinux_status_close();
        if (selinux_status_open(0) < 0) {
            return RPMRC_FAIL;
        }
        selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &logcb);
    } else if (!selinux_status_updated() && sehandle) {
        return RPMRC_OK;
    }

    if (sehandle)
        sehandle_fini(0);

    sehandle = selabel_open(SELABEL_CTX_FILE, opts, 1);

    rpmlog(loglvl(sehandle == NULL), "selabel_open: (%s) %s\n",
           path, (sehandle == NULL ? strerror(errno) : ""));

    return (sehandle != NULL) ? RPMRC_OK : RPMRC_FAIL;
}
```
When you specify ```--root=other directories``` when installing software, using only the functions ```selinux_status_close``` and ```selinux_status_open``` cannot get the status of the new installation directory. At this point, the function ```selinux_file_context_path``` still obtains the original environment in which the rpm command is executed.
**example**
SELinux in the old environment is in target mode, while SELinux in the new environment is in mls mode.
```selinux_file_context_path``` gets the target mode
chroot
```selinux_file_context_path``` still obtains the target mode
This is because this mode is read from the ```/etc/selinux/config``` file, and the ```selinux_reset_config``` function needs to be used to reload the config file in the new installation directory.
**These actions may be required to repair this code**
After the chroot in the rpm installation process, or in the ```sehandle_init``` function when the root directory has been modified, execute the ```selinux_reset_config``` function once.
**Possible problems**
The libselinux library is used for parsing the ```etc/selinux/config``` file. If the libselinux of the installed environment is inconsistent with the libselinux of the current environment in how it parses this file (for example, when the version is updated), is it necessary to chroot and dynamically load the libselinux library of the installed environment when calling libselinux?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2400
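
An added example, not part of the original issue or of rpm's code: a libc-only C check that compares the policy type named in the host's and the `--root` target's `etc/selinux/config`, which is the mismatch the report describes. The parser is simplified, and the function names, sample configs and `/mnt/newroot` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample configs (not from the issue): host vs. --root target. */
static const char HOST_CFG[] = "# host\nSELINUX=enforcing\nSELINUXTYPE=targeted\n";
static const char ROOT_CFG[] = "# target\nSELINUX=enforcing\n  SELINUXTYPE=mls  \n";

/* Extract the SELINUXTYPE value from config text; 0 on success, -1 if absent. */
int policy_type(const char *cfg, char *out, size_t n)
{
    static const char key[] = "SELINUXTYPE=";
    for (const char *line = cfg; line && *line; ) {
        const char *p = line + strspn(line, " \t");   /* skip indentation */
        if (strncmp(p, key, sizeof key - 1) == 0) {   /* '#' lines never match */
            p += sizeof key - 1;
            size_t len = strcspn(p, " \t\r\n#");
            if (len == 0 || len >= n) return -1;
            memcpy(out, p, len);
            out[len] = '\0';
            return 0;
        }
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : NULL;
    }
    return -1;
}

/* file_contexts path that the config found under `root` selects. */
int contexts_path(const char *root, const char *cfg, char *out, size_t n)
{
    char type[64];
    if (policy_type(cfg, type, sizeof type) != 0) return -1;
    int w = snprintf(out, n, "%s/etc/selinux/%s/contexts/files/file_contexts", root, type);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* 1 if host and target name different policy types, 0 if equal, -1 on error. */
int policy_mismatch(const char *host_cfg, const char *root_cfg)
{
    char a[64], b[64];
    if (policy_type(host_cfg, a, sizeof a) || policy_type(root_cfg, b, sizeof b))
        return -1;
    return strcmp(a, b) != 0;
}

int main(void) {
    printf("policy mismatch: %d\n", policy_mismatch(HOST_CFG, ROOT_CFG));
    return 0;
}
```

A result of 1 means a label handle opened from the host's path before the chroot would be using a different policy's `file_contexts` than the target root expects.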