ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-06-19 07:38:13 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

base-files: address sed in-place without SELinux awareness

Browse Source 
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598

This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
This commit is contained in:
Dominick Grift
2022-05-01 19:54:04 +02:00
committed by Daniel Golle
parent 7d02fc0951
commit 5109bd164c
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
package/base-files/files/lib/functions.sh
View File

@ -386,6 +386,7 @@ group_add_user() {
echo "$grp" | grep -q ":$" && delim="" echo "$grp" | grep -q ":$" && delim=""
[ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd [ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd
sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
selinuxenabled 2>/dev/null && restorecon /etc/group
[ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd [ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd
} }