packages/criu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!105 lsm: use the user provided lsm label

Browse Source 
From: @maskinghk 
Reviewed-by: @chenwei_kernel 
Signed-off-by: @chenwei_kernel
This commit is contained in:
openeuler-ci-bot 2025-04-21 06:42:55 +00:00 committed by Gitee
commit 854c3718ce
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0005-lsm-use-the-user-provided-lsm-label.patch Normal file
View File

@ -0,0 +1,30 @@
From ed6374b48c5923bca53d760ac6f04a2817236407 Mon Sep 17 00:00:00 2001
From: Adrian Reber <areber@redhat.com>
Date: Thu, 6 Feb 2025 11:07:17 +0100
Subject: [PATCH] lsm: use the user provided lsm label
Currently CRIU has the possibility to specify a LSM label during
restore. Unfortunately the information is completely ignored in the case
of SELinux.
This change selects the lsm label from the user if it is provided and
else the label from the checkpoint image is used.
Signed-off-by: Adrian Reber <areber@redhat.com>
---
criu/lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/criu/lsm.c b/criu/lsm.c
index d1b73cc79e..70b66d42ee 100644
--- a/criu/lsm.c
+++ b/criu/lsm.c
@@ -370,7 +370,7 @@ int render_lsm_profile(char *profile, char **val)
case LSMTYPE__APPARMOR:
return render_aa_profile(val, profile);
case LSMTYPE__SELINUX:
- if (asprintf(val, "%s", profile) < 0) {
+ if (asprintf(val, "%s", opts.lsm_supplied ? opts.lsm_profile : profile) < 0) {
*val = NULL;
return -1;
}

6
criu.spec
View File

@ -1,6 +1,6 @@
Name: criu Name: criu
Version: 3.19 Version: 3.19
Release: 5 Release: 6
Provides: crtools = %{version}-%{release} Provides: crtools = %{version}-%{release}
Obsoletes: crtools <= 1.0-2 Obsoletes: crtools <= 1.0-2
Summary: A tool of Checkpoint/Restore in User-space Summary: A tool of Checkpoint/Restore in User-space
@ -20,6 +20,7 @@ Patch1: 0001-criu-dump-and-restore-cpu-affinity-of-each-thread.patch
Patch2: 0002-Add-sys_sched_setaffinity-define-for-loongarch64.patch Patch2: 0002-Add-sys_sched_setaffinity-define-for-loongarch64.patch
Patch3: 0003-chore-support-building-without-network.patch Patch3: 0003-chore-support-building-without-network.patch
Patch4: 0004-criu-fix-log_keep_err-signal-deadlock.patch Patch4: 0004-criu-fix-log_keep_err-signal-deadlock.patch
Patch5: 0005-lsm-use-the-user-provided-lsm-label.patch
%description %description
Checkpoint/Restore in Userspace(CRIU),is a software tool for the linux operating system. Checkpoint/Restore in Userspace(CRIU),is a software tool for the linux operating system.
@ -105,6 +106,9 @@ chmod 0755 %{buildroot}/run/%{name}/
%doc %{_mandir}/man1/{compel.1*,crit.1*,criu-ns.1*,criu-amdgpu-plugin.1*} %doc %{_mandir}/man1/{compel.1*,crit.1*,criu-ns.1*,criu-amdgpu-plugin.1*}
%changelog %changelog
* Mon Apr 21 2025 maxin <maxin@xfusion.com> - 3.19-6
- lsm: use the user provided lsm label
* Fri Apr 18 2025 maxin <maxin@xfusion.com> - 3.19-5 * Fri Apr 18 2025 maxin <maxin@xfusion.com> - 3.19-5
- fix log_keep_err signal deadlock - fix log_keep_err signal deadlock