From c521df3f0a86521ce78fd5c057293b2c242fba79 Mon Sep 17 00:00:00 2001
From: Purushottam choudhary
Date: Wed, 4 Nov 2020 16:04:00 +0530
Subject: systemd: selinux hook handling to enumerate nexthop

When selinux is enabled, the call of manager_rtnl_enumerate_nexthop() fails. This fix is to facilitate selinux hook handling for enumerating nexthop. In manager_rtnl_enumerate_nexthop() there is a check if "Not supported" is returned by the send_netlink() call. This check expects that -EOPNOTSUPP is returned, the selinux hook seems to return -EINVAL instead. This happens in kernel older than 5.3 (more specificallytorvalds/linux@65ee00a) as it does not support nexthop handling through netlink. And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP returns -EINVAL. Thus adding a call in the manager_rtnl_enumerate_nexthop for the extra return -EINVAL. Note: systemd version is different in yocto project (v246.6) and systemd master(v247) and In systemd verison(246.6) mac_selinux_enforcing() function is not declared and defined.
Signed-off-by: Purushottam choudhary
Signed-off-by: Richard Purdie
---
 ...elinux-hook-handling-to-enumerate-nexthop.patch | 46 ++++++++++++++++++++++
 meta/recipes-core/systemd/systemd_246.6.bb | 1 +
 2 files changed, 47 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
(limited to 'meta/recipes-core/systemd')
diff --git a/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
new file mode 100644
index 0000000000..b1c92ed713
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
@@ -0,0 +1,46 @@
+From 92b555aaabf710e0a672a7244e8c0e3963075133 Mon Sep 17 00:00:00 2001
+From: Purushottam choudhary
+Date: Wed, 28 Oct 2020 22:11:49 +0530
+Subject: [PATCH] network: selinux hook handling to enumerate nexthop
+
+When selinux is enabled, the call of
+manager_rtnl_enumerate_nexthop() fails.
+
+This fix is to facilitate selinux hook handling for enumerating
+nexthop.
+
+In manager_rtnl_enumerate_nexthop() there is a check
+if "Not supported" is returned by the send_netlink() call.
+
+This check expects that -EOPNOTSUPP is returned,
+the selinux hook seems to return -EINVAL instead.
+
+This happens in kernel older than 5.3
+(more specificallytorvalds/linux@65ee00a) as it does not support
+nexthop handling through netlink.
+
+And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP
+returns -EINVAL.
+
+Thus adding a call in the manager_rtnl_enumerate_nexthop for the
+extra return -EINVAL.
+
+Upstream-Status: Backport
+https://github.com/systemd/systemd/commit/92b555aaabf710e0a672a7244e8c0e3963075133
+---
+ src/network/networkd-manager.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
+index a6c1a39..2a9be85 100644
+--- a/src/network/networkd-manager.c
++++ b/src/network/networkd-manager.c
+@@ -2121,7 +2121,7 @@ int manager_rtnl_enumerate_nexthop(Manager *m) {
+ 
+ r = sd_netlink_call(m->rtnl, req, 0, &reply);
+ if (r < 0) {
+- if (r == -EOPNOTSUPP) {
++ if (r == -EOPNOTSUPP || r == -EINVAL) {
+ log_debug("Nexthop are not supported by the kernel. Ignoring.");
+ return 0;
+ }
diff --git a/meta/recipes-core/systemd/systemd_246.6.bb b/meta/recipes-core/systemd/systemd_246.6.bb
index 9215adf8dc..78990f41ec 100644
--- a/meta/recipes-core/systemd/systemd_246.6.bb
+++ b/meta/recipes-core/systemd/systemd_246.6.bb
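Review bot: The widened condition `if (r == -EOPNOTSUPP || r == -EINVAL)` in the embedded networkd-manager.c hunk maps every -EINVAL from sd_netlink_call() onto the "not supported by the kernel" path, so a malformed RTM_GETNEXTHOP request or any other kernel rejection is now downgraded to a debug message and enumeration returns 0 without any nexthop state. The commit description suggests the upstream form of this check is tied to mac_selinux_enforcing(), which 246.6 lacks, so this backport appears to apply the EINVAL exemption unconditionally; the patch header should say so explicitly rather than leaving it as a note about a missing function. At minimum the log line should carry the actual error so the two causes can be told apart in the journal, e.g. `log_debug_errno(r, "Nexthop are not supported by the kernel or the request was rejected, ignoring: %m");`. manager_rtnl_enumerate_nexthop() begins and continues outside the hunk.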
@@ -21,6 +21,7 @@ SRC_URI += "file://touchscreen.rules \
 file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
 file://0003-implment-systemd-sysv-install-for-OE.patch \
 file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \
+ file://selinux-hook-handling-to-enumerate-nexthop.patch \
 "
 
 # patches needed by musl
-- 
cgit 1.2.3-korg