Accepting request 1031456 from home:jsegitz:branches:openSUSE:Factory

- Add selinux_transactional_update.patch to ignore errors when setting file labels during transactional updates. They will be set upon reboot once the new policy is loaded (bsc#1204605) OBS-URL: https://build.opensuse.org/request/show/1031456 OBS-URL: https://build.opensuse.org/package/show/Base:System/rpm?expand=0&rev=623
2022-11-10 11:59:16 +00:00 · 2022-11-10 11:59:16 +00:00 · bffb5f187b
commit bffb5f187b
parent e72ca91119
3 changed files with 38 additions and 0 deletions
--- a/rpm.changes
+++ b/rpm.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Oct 25 12:15:12 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Add selinux_transactional_update.patch to ignore errors when setting
+  file labels during transactional updates. They will be set upon
+  reboot once the new policy is loaded (bsc#1204605)
+
 -------------------------------------------------------------------
 Fri Sep 23 11:06:06 UTC 2022 - Stephan Kulow <coolo@suse.com>

--- a/rpm.spec
+++ b/rpm.spec
@ -111,6 +111,7 @@ Patch123:       nextiteratorheaderblob.diff
 Patch131:       posttrans.diff
 Patch133:       zstdpool.diff
 Patch134:       zstdthreaded.diff
+Patch135:       selinux_transactional_update.patch
 # touches a generated file
 Patch180:       whatrequires-doc.diff
 Patch6464:      auto-config-update-aarch64-ppc64le.diff
@ -222,6 +223,7 @@ rm -rf sqlite
 %patch -P 100        -P 102 -P 103
 %patch                                                  -P 117
 %patch -P 122 -P 123               -P 131        -P 133 -P 134
+%patch -p1 -P 135
 %patch -P 180

 %ifarch aarch64 ppc64le riscv64
--- a/selinux_transactional_update.patch
+++ b/selinux_transactional_update.patch
@ -0,0 +1,29 @@
+Index: rpm-4.17.1.1/plugins/selinux.c
+===================================================================
+--- rpm-4.17.1.1.orig/plugins/selinux.c
+++ rpm-4.17.1.1/plugins/selinux.c
+@@ -7,6 +7,7 @@
+ #include <rpm/rpmlog.h>
+ #include <rpm/rpmts.h>
+ #include "lib/rpmplugin.h"
+#include <stdlib.h>
+ 
+ #include "debug.h"
+ 
+@@ -165,9 +166,15 @@ static rpmRC selinux_fsm_file_prepare(rp
+ 	char *scon = NULL;
+ 	if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
+ 	    int conrc = lsetfilecon(path, scon);
+-
+ 	    if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
+ 		rc = RPMRC_OK;
+	    else {
+		char *tup = getenv("TRANSACTIONAL_UPDATE");
+		if ( tup != NULL && ! strncmp( tup, "true", 4 ) ) {
+		    rpmlog(RPMLOG_DEBUG, "lsetfilecon failed, will be healed upon reboot (transactional update): (%s, %s)\n", path, scon);
+		    rc = RPMRC_OK;
+		}
+	    }
+ 
+ 	    rpmlog(loglvl(rc != RPMRC_OK), "lsetfilecon: (%s, %s) %s\n",
+ 		       path, scon, (conrc < 0 ? strerror(errno) : ""));