base-files: address sed in-place without SELinux awareness
authorDominick Grift <dominick.grift@defensec.nl>
Sun, 1 May 2022 17:54:04 +0000 (19:54 +0200)
committerDaniel Golle <daniel@makrotopia.org>
Tue, 3 May 2022 19:32:38 +0000 (20:32 +0100)
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598

This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 5109bd164c8f2273329483f990188fb36cf3ad68)

package/base-files/files/lib/functions.sh

index ee0c33845c508790578524c06cc3fc50450e3e58..9db0871d6ccbb5413c452c12a3864a780093c68e 100644 (file)
@@ -386,6 +386,7 @@ group_add_user() {
        echo "$grp" | grep -q ":$" && delim=""
        [ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd
        sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
+       selinuxenabled 2>/dev/null && restorecon /etc/group
        [ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd
 }
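Review bot: The added `restorecon /etc/group` always targets the running system's `/etc/group`, while the `sed -i` directly above it edits `${IPKG_INSTROOT}/etc/group`. When `IPKG_INSTROOT` is set and the host has SELinux enabled, the relabel is attempted on a file this function did not modify. The two `lock` lines already skip on a non-empty `IPKG_INSTROOT`, so the same guard fits here: `[ -n "$IPKG_INSTROOT" ] || { selinuxenabled 2>/dev/null && restorecon /etc/group; }`. A comment such as `# busybox sed -i does not preserve the SELinux label, so relabel after the edit` would record why the call is there. group_add_user() begins above the hunk, so how `$grp` and `delim` are set is not visible from here.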