[openwrt/openwrt] base-files: address sed in-place without SELinux awareness
LEDE Commits
lede-commits at lists.infradead.org
Tue May 3 12:33:47 PDT 2022
dangole pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/9282cb0be06c103b229d5f4555c7a2b0448f58fe
commit 9282cb0be06c103b229d5f4555c7a2b0448f58fe
Author: Dominick Grift <dominick.grift at defensec.nl>
AuthorDate: Sun May 1 19:54:04 2022 +0200
base-files: address sed in-place without SELinux awareness
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598
This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux
Signed-off-by: Daniel Golle <daniel at makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
(cherry picked from commit 5109bd164c8f2273329483f990188fb36cf3ad68)
---
package/base-files/files/lib/functions.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh
index ee0c33845c..9db0871d6c 100644
--- a/package/base-files/files/lib/functions.sh
+++ b/package/base-files/files/lib/functions.sh
@@ -386,6 +386,7 @@ group_add_user() {
echo "$grp" | grep -q ":$" && delim=""
[ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd
sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
+ selinuxenabled 2>/dev/null && restorecon /etc/group
[ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd
}
More information about the lede-commits
mailing list