From 0f539d6a399009b1b72de8bc11443d73d8ee39c3 Mon Sep 17 00:00:00 2001 From: yezengruan Date: Tue, 29 Mar 2022 21:01:58 +0800 Subject: [PATCH 1/2] selinux: enable libcare-ctl to mprotect qemu process Signed-off-by: Bihong Yu (cherry picked from commit 55aea2c2b0ccce83f2e58862c6722af4402cd469) --- ...libcare-ctl-to-mprotect-qemu-process.patch | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch diff --git a/selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch b/selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch new file mode 100644 index 0000000..02311c1 --- /dev/null +++ b/selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch @@ -0,0 +1,27 @@ +From 2724af94241663c9877e270c645dfcea124dc92c Mon Sep 17 00:00:00 2001 +From: jiang-dawei15 +Date: Tue, 29 Mar 2022 20:32:43 +0800 +Subject: [PATCH] selinux: enable libcare-ctl to mprotect qemu process + +Signed-off-by: Bihong Yu +--- + dist/selinux/libcare.te | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/dist/selinux/libcare.te b/dist/selinux/libcare.te +index c240875..670c026 100644 +--- a/dist/selinux/libcare.te ++++ b/dist/selinux/libcare.te +@@ -52,6 +52,9 @@ allow libcare_t libcare_file_t: lnk_file read_lnk_file_perms; + # to read patient's /proc entries and be able to attach to it + allow libcare_t self: capability { dac_override dac_read_search sys_ptrace }; + ++# need by remote mprotect ++allow svirt_t self : process execmem; ++ + allow libcare_t svirt_t : process ptrace; + allow libcare_t svirt_t : dir list_dir_perms; + allow libcare_t svirt_t : file rw_file_perms; +-- +2.27.0 + -- Gitee From e85d4846c3eced3e0c60c6cb86ca7a0065b81516 Mon Sep 17 00:00:00 2001 From: yezengruan Date: Tue, 29 Mar 2022 21:08:01 +0800 Subject: [PATCH 2/2] update spec with openeuler !28 Signed-off-by: yezengruan (cherry picked from commit 70fa9ceaec6c6b76e8a944dcf9c0f73365166e6e) --- libcareplus.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libcareplus.spec b/libcareplus.spec index 0b47db7..3d9a836 100644 --- a/libcareplus.spec +++ b/libcareplus.spec @@ -3,7 +3,7 @@ Version: 1.0.0 Name: libcareplus Summary: LibcarePlus tools -Release: 7 +Release: 8 Group: Applications/System License: GPLv2 Url: https://gitee.com/openeuler/libcareplus @@ -19,6 +19,7 @@ Patch0007: kpatch_elf-compatible-with-older-versions-of-the-so-.patch Patch0008: kpatch_parse-fix-failed-to-recognize-.cold.patch Patch0009: help-modify-some-help-information.patch Patch0010: libcare-patch-make-fix-some-bugs.patch +Patch0011: selinux-enable-libcare-ctl-to-mprotect-qemu-process.patch BuildRequires: elfutils-libelf-devel libunwind-devel gcc systemd @@ -150,6 +151,9 @@ exit 0 %endif %changelog +* Tue Mar 29 2022 yezengruan 1.0.0.8 +- selinux: enable libcare-ctl to mprotect qemu process + * Mon Mar 21 2022 yezengruan 1.0.0.7 - libcare-patch-make: fix some bugs -- Gitee