Blame 0141-dracut-install-preserve-extended-attributes-when-cop.patch

Harald Hoyer 53404a
From 61c761bc2c35fb244d46fbbde97161f5927071dc Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@us.ibm.com>
Date: Tue, 25 Oct 2016 15:09:49 -0400
Subject: [PATCH] dracut-install: preserve extended attributes when copying
 files

Preserve extended attributes when copying files using dracut-install.

The copying of extended attributes avoids file execution denials when
the Linux Integrity Measurement's Appraisal mode is active. In that mode
executables need their file signatures copied. In particular, this patch
solves the problem that dependent libraries are not included in the
initramfs since the copied programs could not be executed due to missing
signatures. The following audit record shows the type of failure that
is now prevented:

type=INTEGRITY_DATA msg=audit(1477409025.492:30065): pid=922 uid=0
 auid=4294967295 ses=4294967295
 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
 op="appraise_data" cause="IMA-signature-required"
 comm="ld-linux-x86-64"
 name="/var/tmp/dracut.R6ySa4/initramfs/usr/bin/journalctl"
 dev="dm-0" ino=37136 res=0

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 install/dracut-install.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/dracut-install.c b/install/dracut-install.c
index fe30bba..c0f1c17 100644
--- a/install/dracut-install.c
+++ b/install/dracut-install.c
@@ -294,7 +294,7 @@ static int cp(const char *src, const char *dst)
  normal_copy:
         pid = fork();
         if (pid == 0) {
-                execlp("cp", "cp", "--reflink=auto", "--sparse=auto", "--preserve=mode,timestamps", "-fL", src, dst,
+                execlp("cp", "cp", "--reflink=auto", "--sparse=auto", "--preserve=mode,timestamps,xattr", "-fL", src, dst,
                        NULL);
                 _exit(EXIT_FAILURE);
         }
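Review bot: The `xattr` added to `--preserve=` in the `execlp("cp", ...)` call has no fallback, so every file copy now depends on extended-attribute support in both the `cp` that `execlp` resolves from PATH and the filesystem holding the destination (the audit record in the commit message shows a staging tree under /var/tmp). Because the attribute is named explicitly rather than left to a best-effort default, a copy that cannot carry it over may be reported by cp as a failed copy. Suggest either retrying without `xattr` when the first copy fails, or documenting xattr support as a requirement, and adding a short comment above the call saying the attribute is preserved so that IMA signatures travel with the copied executables.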
@@ -302,7 +302,7 @@ static int cp(const char *src, const char *dst)
         while (waitpid(pid, &ret, 0) < 0) {
                 if (errno != EINTR) {
                         ret = -1;
-                        log_error("Failed: cp --reflink=auto --sparse=auto --preserve=mode,timestamps -fL %s %s", src,
+                        log_error("Failed: cp --reflink=auto --sparse=auto --preserve=mode,timestamps,xattr -fL %s %s", src,
                                   dst);
                         break;
                 }
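Review bot: The `log_error("Failed: cp ...")` string in the `errno != EINTR` branch repeats the full option list by hand, so it had to be edited in lockstep with the `execlp` arguments in the previous hunk and will drift the next time either is changed. Suggest defining the preserve list once (for example a single string constant used for both the argument and the message). Note also that, within the lines shown, this message is emitted only when `waitpid` itself fails; if a non-zero exit status from cp is handled after the loop, that path should report the xattr-preserving command line too, since a refused attribute copy would surface there rather than here.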