systemd: selinux hook handling to enumerate nexthop

When selinux is enabled, the call of manager_rtnl_enumerate_nexthop() fails. This fix is to facilitate selinux hook handling for enumerating nexthop. In manager_rtnl_enumerate_nexthop() there is a check if "Not supported" is returned by the send_netlink() call. This check expects that -EOPNOTSUPP is returned, the selinux hook seems to return -EINVAL instead. This happens in kernel older than 5.3 (more specificallytorvalds/linux@65ee00a) as it does not support nexthop handling through netlink. And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP returns -EINVAL. Thus adding a call in the manager_rtnl_enumerate_nexthop for the extra return -EINVAL. Note: systemd version is different in yocto project (v246.6) and systemd master(v247) and In systemd verison(246.6) mac_selinux_enforcing() function is not declared and defined. (From OE-Core rev: c521df3f0a86521ce78fd5c057293b2c242fba79) Signed-off-by: Purushottam choudhary <purushottam.choudhary@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-29 00:32:14 +02:00 · 2020-11-04 16:04:00 +05:30
parent ce447d70df
commit ec37a2be66
2 changed files with 47 additions and 0 deletions
--- a/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
+++ b/meta/recipes-core/systemd/systemd/selinux-hook-handling-to-enumerate-nexthop.patch
@@ -0,0 +1,46 @@
+From 92b555aaabf710e0a672a7244e8c0e3963075133 Mon Sep 17 00:00:00 2001
+From: Purushottam choudhary <purushottam.choudhary@kpit.com>
+Date: Wed, 28 Oct 2020 22:11:49 +0530
+Subject: [PATCH] network: selinux hook handling to enumerate nexthop
+
+When selinux is enabled, the call of
+manager_rtnl_enumerate_nexthop() fails.
+
+This fix is to facilitate selinux hook handling for enumerating
+nexthop.
+
+In manager_rtnl_enumerate_nexthop() there is a check
+if "Not supported" is returned by the send_netlink() call.
+
+This check expects that -EOPNOTSUPP is returned,
+the selinux hook seems to return -EINVAL instead.
+
+This happens in kernel older than 5.3
+(more specificallytorvalds/linux@65ee00a) as it does not support
+nexthop handling through netlink.
+
+And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP
+returns -EINVAL.
+
+Thus adding a call in the manager_rtnl_enumerate_nexthop for the
+extra return -EINVAL.
+
+Upstream-Status: Backport
+https://github.com/systemd/systemd/commit/92b555aaabf710e0a672a7244e8c0e3963075133
+---
+ src/network/networkd-manager.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
+index a6c1a39..2a9be85 100644
+--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
+@@ -2121,7 +2121,7 @@ int manager_rtnl_enumerate_nexthop(Manager *m) {
+
+         r = sd_netlink_call(m->rtnl, req, 0, &reply);
+         if (r < 0) {
+-                if (r == -EOPNOTSUPP) {
+                if (r == -EOPNOTSUPP || r == -EINVAL) {
+                         log_debug("Nexthop are not supported by the kernel. Ignoring.");
+                         return 0;
+                 }
--- a/meta/recipes-core/systemd/systemd_246.6.bb
+++ b/meta/recipes-core/systemd/systemd_246.6.bb
@@ -21,6 +21,7 @@ SRC_URI += "file://touchscreen.rules \
           file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
           file://0003-implment-systemd-sysv-install-for-OE.patch \
           file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \
+           file://selinux-hook-handling-to-enumerate-nexthop.patch \
           "

 # patches needed by musl