[PATCH v2] Addresses sed in-place without SELinux awareness
Dominick Grift
dominick.grift at defensec.nl
Sun May 1 11:37:58 PDT 2022
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598
This causes /etc/group to become mislabeled when a package requests that a uid/gid be added on OpenWrt with SELinux
Signed-off-by: Dominick Grift <dominick.grift at defensec.nl>
---
v2: fixes missing $IPKG_INSTROOT and avoids potential issues in set -e environments
package/base-files/files/lib/functions.sh | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh
index ee0c33845c..942020ec0a 100644
--- a/package/base-files/files/lib/functions.sh
+++ b/package/base-files/files/lib/functions.sh
@@ -387,6 +387,9 @@ group_add_user() {
[ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd
sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
[ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd
+ if [ -x /usr/sbin/selinuxenabled ] && selinuxenabled; then
+ restorecon ${IPKG_INSTROOT}/etc/group
+ fi
}
user_add() {
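Review bot: The relabel in the three added lines runs after `lock -u /var/lock/passwd`, so `/etc/group` is left mislabeled for a window outside the critical section; moving the block above the `lock -u` line would keep the `sed -i` edit and the `restorecon` under the same lock. The condition tests `/usr/sbin/selinuxenabled` by absolute path but then invokes `selinuxenabled` through `PATH`; using the same absolute path in both places makes sure the binary that is run is the one that was tested. The two lock lines are skipped when `$IPKG_INSTROOT` is set while this block is not, and `selinuxenabled` reports the state of the running system rather than of the target root, so a short comment saying whether relabelling `${IPKG_INSTROOT}/etc/group` from the host is intended would help. Quoting the argument as `"${IPKG_INSTROOT}/etc/group"` would also protect against a root path that contains spaces.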
--
2.35.1