mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
selinux: fix regression of systemctl subcommands when absolute unit file paths are specified
The commit 4938696301
overlooked the
fact that unit files can be specified as unit file paths, not unit
file names, wrongly passing a unit file path to the 1st argument of
manager_load_unit() that handles it as a unit file name. As a result,
the following 4 systemctl subcommands:
enable
disable
reenable
link
mask
unmask
fail with the following error message:
# systemctl enable /usr/lib/systemd/system/kdump.service
Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
# systemctl disable /usr/lib/systemd/system/kdump.service
Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
# systemctl reenable /usr/lib/systemd/system/kdump.service
Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
# cp /usr/lib/systemd/system/kdump.service /tmp/
# systemctl link /tmp/kdump.service
Failed to execute operation: Unit name /tmp/kdump.service is not valid.
# systemctl mask /usr/lib/systemd/system/kdump.service
Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
# systemctl unmask /usr/lib/systemd/system/kdump.service
Failed to execute operation: Unit name /usr/lib/systemd/system/kdump.service is not valid.
To fix the issue, first check whether a unit file is passed as a unit
file name or a unit file path, and then pass the unit file to the
appropreate argument of manager_load_unit().
By the way, even with this commit mask and unmask reject unit file
paths as follows and this is a correct behavior:
# systemctl mask /usr/lib/systemd/system/kdump.service
Failed to execute operation: Invalid argument
# systemctl unmask /usr/lib/systemd/system/kdump.service
Failed to execute operation: Invalid argument
This commit is contained in:
parent
7c268a0489
commit
9fa7c1aeb9
@ -38,6 +38,7 @@
|
||||
#include "selinux-util.h"
|
||||
#include "audit-fd.h"
|
||||
#include "strv.h"
|
||||
#include "path-util.h"
|
||||
|
||||
static bool initialized = false;
|
||||
|
||||
@ -302,7 +303,10 @@ int mac_selinux_unit_access_check_strv(
|
||||
int r;
|
||||
|
||||
STRV_FOREACH(i, units) {
|
||||
r = manager_load_unit(m, *i, NULL, error, &u);
|
||||
if (is_path(*i))
|
||||
r = manager_load_unit(m, NULL, *i, error, &u);
|
||||
else
|
||||
r = manager_load_unit(m, *i, NULL, error, &u);
|
||||
if (r < 0)
|
||||
return r;
|
||||
r = mac_selinux_unit_access_check(u, message, permission, error);
|
||||
|
Loading…
Reference in New Issue
Block a user