[gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/

Thu, 16 Dec 2021 21:16:20 -0800 

commit:     df72ab351f482dea63d27e447b2a93549a742ecd
Author:     Thilo Fromm <thilo <AT> kinvolk <DOT> io>
AuthorDate: Thu Dec 16 18:20:41 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 05:15:52 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df72ab35

sys-apps/policycoreutils: update the right ROOT store

The policycoreutils ebuild calls 'semodule' in postinst to update
SELinux stores. It does not, however, tells semodule the correct ROOT
to use, so installing policycoreutils in a crossdev environment will
actually update the *host's* store.

This patch adds '-S "${ROOT:-/}"' to the 'semodule' call so the correct
environment is updated.

First seen + fixed in Flatcar Container Linux:
https://github.com/flatcar-linux/coreos-overlay/pull/1502

Signed-off-by: Thilo Fromm <thilo <AT> kinvolk.io>
Closes: https://github.com/gentoo/gentoo/pull/23332
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild | 4 ++--
 sys-apps/policycoreutils/policycoreutils-3.2.ebuild    | 4 ++--
 sys-apps/policycoreutils/policycoreutils-3.3.ebuild    | 4 ++--
 sys-apps/policycoreutils/policycoreutils-9999.ebuild   | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild 
b/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
index 62b8f3856614..e995a286771b 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
@@ -162,7 +162,7 @@ pkg_postinst() {
        for POLICY_TYPE in ${POLICY_TYPES} ; do
                # There have been some changes to the policy store, rebuilding 
now.
                # https://marc.info/?l=selinux&m=143757277819717&w=2
-               einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-               semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild 
policy store ${POLICY_TYPE}"
+               einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without 
re-loading)."
+               semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die 
"Failed to rebuild policy store ${POLICY_TYPE}"
        done
 }

diff --git a/sys-apps/policycoreutils/policycoreutils-3.2.ebuild 
b/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
index 7299c44a1ddd..1c90708b2731 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
        for POLICY_TYPE in ${POLICY_TYPES} ; do
                # There have been some changes to the policy store, rebuilding 
now.
                # https://marc.info/?l=selinux&m=143757277819717&w=2
-               einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-               semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild 
policy store ${POLICY_TYPE}"
+               einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without 
re-loading)."
+               semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die 
"Failed to rebuild policy store ${POLICY_TYPE}"
        done
 }

diff --git a/sys-apps/policycoreutils/policycoreutils-3.3.ebuild 
b/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
index c8fe18af66f9..6b00366fe883 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
        for POLICY_TYPE in ${POLICY_TYPES} ; do
                # There have been some changes to the policy store, rebuilding 
now.
                # https://marc.info/?l=selinux&m=143757277819717&w=2
-               einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-               semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild 
policy store ${POLICY_TYPE}"
+               einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without 
re-loading)."
+               semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die 
"Failed to rebuild policy store ${POLICY_TYPE}"
        done
 }

diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild 
b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
index c8fe18af66f9..6b00366fe883 100644
--- a/sys-apps/policycoreutils/policycoreutils-9999.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
        for POLICY_TYPE in ${POLICY_TYPES} ; do
                # There have been some changes to the policy store, rebuilding 
now.
                # https://marc.info/?l=selinux&m=143757277819717&w=2
-               einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-               semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild 
policy store ${POLICY_TYPE}"
+               einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without 
re-loading)."
+               semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die 
"Failed to rebuild policy store ${POLICY_TYPE}"
        done
 }

Reply via email to