From d025ca1d81a0c9230d452f9e6c7093dbd8ef0995 Mon Sep 17 00:00:00 2001 From: fufesou <13586388+fufesou@users.noreply.github.com> Date: Mon, 16 Dec 2024 19:01:12 +0800 Subject: [PATCH] refact: linux, chcon, bin_t (#10293) Signed-off-by: fufesou --- res/rpm-flutter.spec | 9 +++++++++ res/rpm.spec | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/res/rpm-flutter.spec b/res/rpm-flutter.spec index 8862614ea..da37374f2 100644 --- a/res/rpm-flutter.spec +++ b/res/rpm-flutter.spec @@ -59,6 +59,15 @@ cp /usr/share/rustdesk/files/rustdesk.service /etc/systemd/system/rustdesk.servi cp /usr/share/rustdesk/files/rustdesk.desktop /usr/share/applications/ cp /usr/share/rustdesk/files/rustdesk-link.desktop /usr/share/applications/ ln -s /usr/lib/rustdesk/rustdesk /usr/bin/rustdesk +# Change the security context of /usr/lib/rustdesk/rustdesk from `lib_t` to `bin_t`. +if command -v getenforce >/dev/null 2>&1; then + if [ "$(getenforce)" == "Enforcing" ]; then + file_security_context=$(ls -lZ /usr/lib/rustdesk/rustdesk 2>/dev/null | awk -F':' '{print $3}') + if [ "${file_security_context}" == "lib_t" ]; then + chcon -t bin_t /usr/lib/rustdesk/rustdesk || true + fi + fi +fi systemctl daemon-reload systemctl enable rustdesk systemctl start rustdesk diff --git a/res/rpm.spec b/res/rpm.spec index 8d204eef2..23bb71c54 100644 --- a/res/rpm.spec +++ b/res/rpm.spec @@ -63,6 +63,15 @@ esac cp /usr/share/rustdesk/files/rustdesk.service /etc/systemd/system/rustdesk.service cp /usr/share/rustdesk/files/rustdesk.desktop /usr/share/applications/ cp /usr/share/rustdesk/files/rustdesk-link.desktop /usr/share/applications/ +# Change the security context of /usr/lib/rustdesk/rustdesk from `lib_t` to `bin_t`. +if command -v getenforce >/dev/null 2>&1; then + if [ "$(getenforce)" == "Enforcing" ]; then + file_security_context=$(ls -lZ /usr/lib/rustdesk/rustdesk 2>/dev/null | awk -F':' '{print $3}') + if [ "${file_security_context}" == "lib_t" ]; then + chcon -t bin_t /usr/lib/rustdesk/rustdesk || true + fi + fi +fi systemctl daemon-reload systemctl enable rustdesk systemctl start rustdesk