commit:     0c324425b7c6151a59fe85577b74c895c3c85aed
Author:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 20:28:02 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep 26 20:54:12 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=0c324425

dispatch-conf: copy SELinux labels to merged files

Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
Closes: https://github.com/gentoo/portage/pull/1099
Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/dispatch-conf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/bin/dispatch-conf b/bin/dispatch-conf
index 154b26ff56..849be562ee 100755
--- a/bin/dispatch-conf
+++ b/bin/dispatch-conf
@@ -12,6 +12,7 @@
 #
 
 import atexit
+import errno
 import re
 import subprocess
 import sys
@@ -398,6 +399,8 @@ class dispatch:
                     mystat = os.lstat(conf["new"])
                     os.chmod(mrgconf, mystat[ST_MODE])
                     os.chown(mrgconf, mystat[ST_UID], mystat[ST_GID])
+                    if "selinux" in portage.settings.features:
+                        self.copy_selinux_label(conf["current"], mrgconf)
                     newconf = mrgconf
                     continue
                 elif c == "l":
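Review bot: The SELinux label is copied from `conf["current"]`, while the mode and owner a few lines above come from `conf["new"]`, and nothing at the call site says why the two sources differ. A one-line comment above the new `if` would record the intent, for example `# SELinux label comes from the installed file so the merged copy keeps its existing type`; this assumes that is the reason, which the hunk does not show. The enclosing branch starts and ends outside the hunk.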
@@ -434,6 +437,30 @@ class dispatch:
 
         perform_conf_update_session_hooks("post-session")
 
+    def copy_selinux_label(self, curconf, newconf):
+        """Copy the SELinux security label from the current config file to
+        the new/merged config file."""
+        try:
+            label = os.getxattr(curconf, "security.selinux")
+        except OSError as e:
+            if e.errno == errno.ENOTSUP:
+                # Filesystem does not support xattrs
+                return
+            writemsg(
+                f"dispatch-conf: Failed getting SELinux label on {curconf}; 
ignoring...\n",
+                noiselevel=-1,
+            )
+            return
+
+        if label:
+            try:
+                os.setxattr(newconf, "security.selinux", label)
+            except OSError:
+                writemsg(
+                    f"dispatch-conf: Failed setting SELinux label on 
{newconf}; ignoring...\n",
+                    noiselevel=-1,
+                )
+
     def replace(self, newconf, curconf):
         """Replace current config with the new/merged version.  Also logs
         the diff of what changed into the configured log file."""
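Review bot: Both failure paths in copy_selinux_label discard the reason for the error, so the operator sees only "Failed getting/setting SELinux label ...; ignoring..." and the merged file keeps whatever label it was created with. Binding the exception in the second handler and printing it in both messages would make a mislabeled config diagnosable, e.g. `except OSError as e:` with `f"dispatch-conf: Failed setting SELinux label on {newconf}: {e}; ignoring...\n"`. The getxattr handler also reports a file that simply has no `security.selinux` attribute as a failure; it could return quietly as it does for ENOTSUP, `if e.errno in (errno.ENOTSUP, errno.ENODATA):`. os.getxattr and os.setxattr follow symlinks by default, whereas the caller reads mode and owner with os.lstat, so if curconf can be a symlink, passing `follow_symlinks=False` to both calls would keep the label read and write on the link itself.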
