327e54e421
The upstream PR was closed with the intent to force the SELinux policy to be updated instead. While we're waiting for that to happen, include the patch here.
42 lines
1.9 KiB
Diff
42 lines
1.9 KiB
Diff
From e4e1e425394dcef01317c42b34c133768c26b765 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
Date: Sat, 30 Aug 2025 13:55:56 +0200
|
|
Subject: [PATCH] core: create userdb root directory with correct label
|
|
|
|
Set up the /run/systemd/userdb directory with the default SELinux context
|
|
on creation.
|
|
|
|
With version 257.7-1 on Debian the directory was automatically created with the
|
|
correct label. Starting with version 258 (only tested with 258~rc3-1) it no
|
|
longer is. Regression introduced in 736349958efe34089131ca88950e2e5bb391d36a.
|
|
|
|
[zjs: edited the patch to apply comments from review and update the description.]
|
|
---
|
|
src/core/varlink.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/core/varlink.c b/src/core/varlink.c
|
|
index 8c6b95e31d1d5..110b281842373 100644
|
|
--- a/src/core/varlink.c
|
|
+++ b/src/core/varlink.c
|
|
@@ -6,6 +6,7 @@
|
|
#include "errno-util.h"
|
|
#include "json-util.h"
|
|
#include "manager.h"
|
|
+#include "mkdir-label.h"
|
|
#include "path-util.h"
|
|
#include "pidref.h"
|
|
#include "string-util.h"
|
|
@@ -424,7 +425,11 @@ static int manager_varlink_init_system(Manager *m) {
|
|
if (!fresh && varlink_server_contains_socket(m->varlink_server, address))
|
|
continue;
|
|
|
|
- r = sd_varlink_server_listen_address(m->varlink_server, address, 0666 | SD_VARLINK_SERVER_MODE_MKDIR_0755);
|
|
+ r = mkdir_parents_label(address, 0755);
|
|
+ if (r < 0)
|
|
+ log_warning_errno(r, "Failed to create parent directory of '%s', ignoring: %m", address);
|
|
+
|
|
+ r = sd_varlink_server_listen_address(m->varlink_server, address, 0666);
|
|
if (r < 0)
|
|
return log_error_errno(r, "Failed to bind to varlink socket '%s': %m", address);
|
|
}
|