network: selinux hook handling to enumerate nexthop

When selinux is enabled, the call of manager_rtnl_enumerate_nexthop() fails. This fix is to facilitate selinux hook handling for enumerating nexthop. In manager_rtnl_enumerate_nexthop() there is a check if "Not supported" is returned by the send_netlink() call. This check expects that -EOPNOTSUPP is returned, the selinux hook seems to return -EINVAL instead. This happens in kernel older than 5.3 (more specificallytorvalds/linux@65ee00a) as it does not support nexthop handling through netlink. And if SELinux is enforced in the order kernel, callingRTM_GETNEXTHOP returns -EINVAL. Thus adding a call in the manager_rtnl_enumerate_nexthop for the extra return -EINVAL.
2020-10-28 22:11:49 +05:30 · 2020-10-28 22:11:49 +05:30 · 92b555aaab
parent d008666aca
commit 92b555aaab
1 changed files with 2 additions and 1 deletions
--- a/src/network/networkd-manager.c
+++ b/src/network/networkd-manager.c
@ -38,6 +38,7 @@
 #include "ordered-set.h"
 #include "path-lookup.h"
 #include "path-util.h"
+#include "selinux-util.h"
 #include "set.h"
 #include "signal-util.h"
 #include "stat-util.h"
@ -971,7 +972,7 @@ static int manager_enumerate_internal(

        r = sd_netlink_call(m->rtnl, req, 0, &reply);
        if (r < 0) {
-                if (r == -EOPNOTSUPP && name) {
+                if (name && (r == -EOPNOTSUPP || (r == -EINVAL && mac_selinux_enforcing()))) {
                        log_debug_errno(r, "%s are not supported by the kernel. Ignoring.", name);
                        return 0;
                }