| Message ID | 20220501183758.184326-1-dominick.grift@defensec.nl |
|---|---|
| State | Accepted |
| Delegated to: | Daniel Golle |
| Headers | show |
| Series | [v2] Addresses sed in-place without SELinux awareness | expand |
diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh index ee0c33845c..942020ec0a 100644 --- a/package/base-files/files/lib/functions.sh +++ b/package/base-files/files/lib/functions.sh @@ -387,6 +387,9 @@ group_add_user() { [ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group [ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd + if [ -x /usr/sbin/selinuxenabled ] && selinuxenabled; then + restorecon ${IPKG_INSTROOT}/etc/group + fi } user_add() {
sed(1) in busybox does not support this functionality: https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598 This causes /etc/group to become mislabeled when a package requests that a uid/gid be added on OpenWrt with SELinux Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> --- v2: fixes missing $IPKG_INSTROOT and avoids potential issues in set -e environments package/base-files/files/lib/functions.sh | 3 +++ 1 file changed, 3 insertions(+)