Commit 669449be authored by Martin Pitt's avatar Martin Pitt
Browse files

Fix SELinux unit access check

Cherry-picked from upstream, fixes a regression in 215.
parent 160d4953
......@@ -11,6 +11,8 @@ systemd (215-7) UNRELEASED; urgency=medium
- Add new try-{guest,host} modes for --link-journal to silently skip
setting up the guest journal if the host has no persistant journal.
- Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
* Cherry-pick upstream patch to fix SELinux unit access check (regression
in 215).
[ Jon Severinsson]
* Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
......
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 21 Nov 2014 17:02:15 +0100
Subject: selinux-access: fix broken ternary operator
it seems to be a typo introduced by ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602
- _r = selinux_access_check(_b, _m, _u->source_path ?:_u->fragment_path, (permission), &_error); \
+ ({ Unit *_unit = (unit); selinux_generic_access_check(bus,message, _unit->fragment_path ?: _unit->fragment_path, permission,error); })
---
src/core/selinux-access.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
index 27d9e14..fea8a85 100644
--- a/src/core/selinux-access.h
+++ b/src/core/selinux-access.h
@@ -37,7 +37,7 @@ int selinux_generic_access_check(sd_bus_message *message, const char *path, cons
#define selinux_unit_access_check(unit, message, permission, error) \
({ \
Unit *_unit = (unit); \
- selinux_generic_access_check((message), _unit->fragment_path ?: _unit->fragment_path, (permission), (error)); \
+ selinux_generic_access_check((message), _unit->source_path ?: _unit->fragment_path, (permission), (error)); \
})
#else
......@@ -111,6 +111,7 @@ Make-emergency.service-conflict-with-rescue.service.patch
udev-hwdb-Support-shipping-pre-compiled-database-in-.patch
tmpfiles.d-Create-var-lib-containers.patch
nspawn-Add-try-host-guest-journal-link-modes.patch
selinux-access-fix-broken-ternary-operator.patch
## Debian specific patches:
Add-back-support-for-Debian-specific-config-files.patch
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment