From 2332292bbf1e06671ea4056a48dc5610ed864d8c Mon Sep 17 00:00:00 2001 From: eaglegai Date: Tue, 15 Jul 2025 07:50:59 +0000 Subject: [PATCH] revert ip vrf: make ipvrf_exec SELinux-aware (cherry picked from commit 0aa95e407ab6c6e2b7afff9c9118fa6db2ddc85d) --- iproute.spec | 9 ++- ...ip-vrf-make-ipvrf_exec-SELinux-aware.patch | 63 +++++++++++++++++++ 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 revert-ip-vrf-make-ipvrf_exec-SELinux-aware.patch diff --git a/iproute.spec b/iproute.spec index 04089ed..c8af2a9 100644 --- a/iproute.spec +++ b/iproute.spec @@ -2,7 +2,7 @@ Name: iproute Version: 6.6.0 Epoch: 1 -Release: 5 +Release: 6 Summary: Linux network configuration utilities License: GPLv2+ and Public Domain URL: https://kernel.org/pub/linux/utils/net/iproute2/ @@ -24,6 +24,7 @@ Patch6007: backport-fix-fd-leak-when-playing-with-netns.patch Patch9000: feature-iproute-add-support-for-ipvlan-l2e-mode.patch Patch9001: bugfix-iproute2-cancel-some-test-cases.patch +Patch9002: revert-ip-vrf-make-ipvrf_exec-SELinux-aware.patch BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel BuildRequires: libmnl-devel libselinux-devel pkgconfig libbpf-devel sudo make @@ -98,6 +99,12 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Tue Jul 15 2025 gaihuiying - 1:6.6.0-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert ip vrf: make ipvrf_exec SELinux-aware + * Thu Apr 17 2025 yanglu - 1:6.6.0-5 - Type:bugfix - ID:NA diff --git a/revert-ip-vrf-make-ipvrf_exec-SELinux-aware.patch b/revert-ip-vrf-make-ipvrf_exec-SELinux-aware.patch new file mode 100644 index 0000000..c847610 --- /dev/null +++ b/revert-ip-vrf-make-ipvrf_exec-SELinux-aware.patch 
@@ -0,0 +1,63 @@
+From 1b7eae68674b31805e5841f49d0f9815fdd57ced Mon Sep 17 00:00:00 2001
+From: zhongxuan
+Date: Tue, 13 May 2025 20:05:13 +0800
+Subject: [PATCH] revert ip vrf: make ipvrf_exec SELinux-aware
+
+Reference:NA
+Conflict:NA
+
+---
+ include/selinux.h | 1 -
+ ip/ipvrf.c | 6 ------
+ lib/selinux.c | 5 -----
+ 3 files changed, 12 deletions(-)
+
+diff --git a/include/selinux.h b/include/selinux.h
+index 592c768..499aa96 100644
+--- a/include/selinux.h
++++ b/include/selinux.h
+@@ -6,5 +6,4 @@ void freecon(char *context);
+ int getpidcon(pid_t pid, char **context);
+ int getfilecon(const char *path, char **context);
+ int security_get_initial_context(const char *name, char **context);
+-int setexecfilecon(const char *filename, const char *fallback_type);
+ #endif
+diff --git a/ip/ipvrf.c b/ip/ipvrf.c
+index 12beaec..d6b59ad 100644
+--- a/ip/ipvrf.c
++++ b/ip/ipvrf.c
+@@ -24,7 +24,6 @@
+ #include "utils.h"
+ #include "ip_common.h"
+ #include "bpf_util.h"
+-#include "selinux.h"
+
+ #define CGRP_PROC_FILE "/cgroup.procs"
+
+@@ -456,11 +455,6 @@ static int ipvrf_exec(int argc, char **argv)
+ return -1;
+ }
+
+- if (is_selinux_enabled() && setexecfilecon(argv[1], "ifconfig_t")) {
+- fprintf(stderr, "setexecfilecon for \"%s\" failed\n", argv[1]);
+- return -1;
+- }
+-
+ return -cmd_exec(argv[1], argv + 1, !!batch_mode, do_switch, argv[0]);
+ }
+
+diff --git a/lib/selinux.c b/lib/selinux.c
+index 7e5dd16..4e6805f 100644
+--- a/lib/selinux.c
++++ b/lib/selinux.c
+@@ -30,8 +30,3 @@ int security_get_initial_context(const char *name, char **context)
+ *context = NULL;
+ return -1;
+ }
+-
+-int setexecfilecon(const char *filename, const char *fallback_type)
+-{
+- return -1;
+-}
+--
+2.43.0
\ No newline at end of file
-- Gitee
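Review bot: The embedded patch header gives no reason for dropping the SELinux handling: `Reference:NA` and an empty message body leave a later maintainer unable to tell whether removing the `is_selinux_enabled() && setexecfilecon(argv[1], "ifconfig_t")` check from `ipvrf_exec` was a deliberate policy decision or a workaround for a regression. With that block gone, the visible code reaches `cmd_exec` without setting any exec context, so on an SELinux-enabled host the domain of the command started by `ip vrf exec` is presumably left to the loaded policy's default transition; that should be confirmed against the distribution policy before this ships. I would record the rationale in the patch header, e.g. `Reference: <upstream commit being reverted>` plus a line such as `Reason: <denial or regression observed with setexecfilecon>`, and repeat it in the `DESC:` changelog entry of the spec file. The body of `ipvrf_exec` starts outside the nested hunk, so any earlier checks in that function are not visible here.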