systemd: selinux hook handling to enumerate nexthop

When selinux is enabled, the call of manager_rtnl_enumerate_nexthop() fails. This fix is to facilitate selinux hook handling for enumerating nexthop. In manager_rtnl_enumerate_nexthop() there is a check if "Not supported" is returned by the send_netlink() call. This check expects that -EOPNOTSUPP is returned, the selinux hook seems to return -EINVAL instead. This happens in kernel older than 5.3 (more specificallytorvalds/linux@65ee00a) as it does not support nexthop handling through netlink. And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP returns -EINVAL. Thus adding a call in the manager_rtnl_enumerate_nexthop for the extra return -EINVAL. Note: systemd version is different in yocto project (v246.6) and systemd master(v247) and In systemd verison(246.6) mac_selinux_enforcing() function is not declared and defined. (From OE-Core rev: c521df3f0a86521ce78fd5c057293b2c242fba79) Signed-off-by: Purushottam choudhary <purushottam.choudhary@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Purushottam choudhary <purushottam.choudhary@kpit.com> 2020-11-04 16:04:00 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-11-08 14:03:20 +0000
commit: ec37a2be661bbaa494455a5417db148495920039 (patch)
tree: 306a8ae9792a38a8cea4b5ce6a6684c5556f536b /meta/recipes-core
parent: ce447d70df386ca55ce1672478b245851556374e (diff)
download: poky-ec37a2be661bbaa494455a5417db148495920039.tar.gz
2 files changed, 47 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
new file mode 100644
index 0000000000..b1c92ed713
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
@@ -0,0 +1,46 @@
+From 92b555aaabf710e0a672a7244e8c0e3963075133 Mon Sep 17 00:00:00 2001
+From: Purushottam choudhary <purushottam.choudhary@kpit.com>
+Date: Wed, 28 Oct 2020 22:11:49 +0530
+Subject: [PATCH] network: selinux hook handling to enumerate nexthop
+When selinux is enabled, the call of
+manager_rtnl_enumerate_nexthop() fails.
+This fix is to facilitate selinux hook handling for enumerating
+nexthop.
+In manager_rtnl_enumerate_nexthop() there is a check
+if "Not supported" is returned by the send_netlink() call.
+This check expects that -EOPNOTSUPP is returned,
+the selinux hook seems to return -EINVAL instead.
+This happens in kernel older than 5.3
+(more specificallytorvalds/linux@65ee00a) as it does not support
+nexthop handling through netlink.
+And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP
+returns -EINVAL.
+Thus adding a call in the manager_rtnl_enumerate_nexthop for the
+extra return -EINVAL.
+Upstream-Status: Backport
+https://github.com/systemd/systemd/commit/92b555aaabf710e0a672a7244e8c0e3963075133
+---
+ src/network/networkd-manager.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
+index a6c1a39..2a9be85 100644
+--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
+@@ -2121,7 +2121,7 @@ int manager_rtnl_enumerate_nexthop(Manager *m) {
+         r = sd_netlink_call(m->rtnl, req, 0, &reply);
+         if (r < 0) {
+-                if (r == -EOPNOTSUPP) {
+                if (r == -EOPNOTSUPP || r == -EINVAL) {
+                         log_debug("Nexthop are not supported by the kernel. Ignoring.");
+                         return 0;
+                 }
diff --git a/meta/recipes-core/systemd/systemd_246.6.bb b/meta/recipes-core/systemd/systemd_246.6.bb
index 9215adf8dc..78990f41ec 100644
--- a/meta/recipes-core/systemd/systemd_246.6.bb
+++ b/meta/recipes-core/systemd/systemd_246.6.bb
@@ -21,6 +21,7 @@ SRC_URI += "file://touchscreen.rules \
           file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
           file://0003-implment-systemd-sysv-install-for-OE.patch \
           file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \
+           file://selinux-hook-handling-to-enumerate-nexthop.patch \
           "
 # patches needed by musl
author	Purushottam choudhary <purushottam.choudhary@kpit.com>	2020-11-04 16:04:00 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-11-08 14:03:20 +0000
commit	ec37a2be661bbaa494455a5417db148495920039 (patch)
tree	306a8ae9792a38a8cea4b5ce6a6684c5556f536b /meta/recipes-core
parent	ce447d70df386ca55ce1672478b245851556374e (diff)
download	poky-ec37a2be661bbaa494455a5417db148495920039.tar.gz

diff --git a/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch new file mode 100644 index 0000000000..b1c92ed713 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
@@ -0,0 +1,46 @@
		1	From 92b555aaabf710e0a672a7244e8c0e3963075133 Mon Sep 17 00:00:00 2001
		2	From: Purushottam choudhary <purushottam.choudhary@kpit.com>
		3	Date: Wed, 28 Oct 2020 22:11:49 +0530
		4	Subject: [PATCH] network: selinux hook handling to enumerate nexthop
		5
		6	When selinux is enabled, the call of
		7	manager_rtnl_enumerate_nexthop() fails.
		8
		9	This fix is to facilitate selinux hook handling for enumerating
		10	nexthop.
		11
		12	In manager_rtnl_enumerate_nexthop() there is a check
		13	if "Not supported" is returned by the send_netlink() call.
		14
		15	This check expects that -EOPNOTSUPP is returned,
		16	the selinux hook seems to return -EINVAL instead.
		17
		18	This happens in kernel older than 5.3
		19	(more specificallytorvalds/linux@65ee00a) as it does not support
		20	nexthop handling through netlink.
		21
		22	And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP
		23	returns -EINVAL.
		24
		25	Thus adding a call in the manager_rtnl_enumerate_nexthop for the
		26	extra return -EINVAL.
		27
		28	Upstream-Status: Backport
		29	https://github.com/systemd/systemd/commit/92b555aaabf710e0a672a7244e8c0e3963075133
		30	---
		31	src/network/networkd-manager.c \| 3 ++-
		32	1 file changed, 2 insertions(+), 1 deletion(-)
		33
		34	diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
		35	index a6c1a39..2a9be85 100644
		36	--- a/src/network/networkd-manager.c
		37	+++ b/src/network/networkd-manager.c
		38	@@ -2121,7 +2121,7 @@ int manager_rtnl_enumerate_nexthop(Manager *m) {
		39
		40	r = sd_netlink_call(m->rtnl, req, 0, &reply);
		41	if (r < 0) {
		42	- if (r == -EOPNOTSUPP) {
		43	+ if (r == -EOPNOTSUPP \|\| r == -EINVAL) {
		44	log_debug("Nexthop are not supported by the kernel. Ignoring.");
		45	return 0;
		46	}


diff --git a/meta/recipes-core/systemd/systemd_246.6.bb b/meta/recipes-core/systemd/systemd_246.6.bb index 9215adf8dc..78990f41ec 100644 --- a/meta/recipes-core/systemd/systemd_246.6.bb +++ b/meta/recipes-core/systemd/systemd_246.6.bb
@@ -21,6 +21,7 @@ SRC_URI += "file://touchscreen.rules \
21	file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \	21	file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
22	file://0003-implment-systemd-sysv-install-for-OE.patch \	22	file://0003-implment-systemd-sysv-install-for-OE.patch \
23	file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \	23	file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \
		24	file://selinux-hook-handling-to-enumerate-nexthop.patch \
24	"	25	"
25		26
26	# patches needed by musl	27	# patches needed by musl