commit: 8f88bc159a81c30c0d49aad62cfe63df5a0d9815
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 9 04:07:41 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jun 9 04:27:04 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f88bc15
sec-policy/selinux-base-policy: Fix policy load when cross compiling
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../selinux-base-policy-2.20180114-r2.ebuild | 34 ++++++++++++++--------
.../selinux-base-policy-9999.ebuild | 34 ++++++++++++++--------
2 files changed, 44 insertions(+), 24 deletions(-)
diff --git
a/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
index ffcbe80f607..b2976ccee54 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
@@ -22,6 +22,7 @@ IUSE="systemd +unconfined"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+RDEPEND="$DEPEND"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools
getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles
modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh
staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage
unprivuser xdg"
LICENSE="GPL-2"
@@ -74,7 +75,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
- emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C
"${S}"/${i} || die "${i} compile failed"
done
}
@@ -91,6 +92,12 @@ src_install() {
}
pkg_postinst() {
+ # Set root path and don't load policy into the kernel when cross
compiling
+ local root_opts=""
+ if [[ "${ROOT%/}" != "" ]]; then
+ root_opts="-p ${ROOT%/} -n"
+ fi
+
# Override the command from the eclass, we need to load in base as well
here
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
@@ -104,19 +111,22 @@ pkg_postinst() {
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i
module store: ${MODS}"
- cd /usr/share/selinux/${i}
+ cd "${ROOT%/}/usr/share/selinux/${i}"
- semodule -s ${i} ${COMMAND}
+ semodule ${root_opts} -s ${i} ${COMMAND}
done
- # Relabel depending packages
- local PKGSET="";
- if [[ -x /usr/bin/qdepends ]] ; then
- PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep
-v 'sec-policy/selinux-');
- elif [[ -x /usr/bin/equery ]] ; then
- PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep
-v 'sec-policy/selinux-');
- fi
- if [[ -n "${PKGSET}" ]] ; then
- rlpkg ${PKGSET};
+ # Don't relabel when cross compiling
+ if [[ "${ROOT%/}" == "" ]]; then
+ # Relabel depending packages
+ local PKGSET="";
+ if [[ -x /usr/bin/qdepends ]] ; then
+ PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN}
| grep -v 'sec-policy/selinux-');
+ elif [[ -x /usr/bin/equery ]] ; then
+ PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN}
| grep -v 'sec-policy/selinux-');
+ fi
+ if [[ -n "${PKGSET}" ]] ; then
+ rlpkg ${PKGSET};
+ fi
fi
}
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
index ffcbe80f607..b2976ccee54 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
@@ -22,6 +22,7 @@ IUSE="systemd +unconfined"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+RDEPEND="$DEPEND"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools
getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles
modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh
staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage
unprivuser xdg"
LICENSE="GPL-2"
@@ -74,7 +75,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
- emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C
"${S}"/${i} || die "${i} compile failed"
done
}
@@ -91,6 +92,12 @@ src_install() {
}
pkg_postinst() {
+ # Set root path and don't load policy into the kernel when cross
compiling
+ local root_opts=""
+ if [[ "${ROOT%/}" != "" ]]; then
+ root_opts="-p ${ROOT%/} -n"
+ fi
+
# Override the command from the eclass, we need to load in base as well
here
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
@@ -104,19 +111,22 @@ pkg_postinst() {
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i
module store: ${MODS}"
- cd /usr/share/selinux/${i}
+ cd "${ROOT%/}/usr/share/selinux/${i}"
- semodule -s ${i} ${COMMAND}
+ semodule ${root_opts} -s ${i} ${COMMAND}
done
- # Relabel depending packages
- local PKGSET="";
- if [[ -x /usr/bin/qdepends ]] ; then
- PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep
-v 'sec-policy/selinux-');
- elif [[ -x /usr/bin/equery ]] ; then
- PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep
-v 'sec-policy/selinux-');
- fi
- if [[ -n "${PKGSET}" ]] ; then
- rlpkg ${PKGSET};
+ # Don't relabel when cross compiling
+ if [[ "${ROOT%/}" == "" ]]; then
+ # Relabel depending packages
+ local PKGSET="";
+ if [[ -x /usr/bin/qdepends ]] ; then
+ PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN}
| grep -v 'sec-policy/selinux-');
+ elif [[ -x /usr/bin/equery ]] ; then
+ PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN}
| grep -v 'sec-policy/selinux-');
+ fi
+ if [[ -n "${PKGSET}" ]] ; then
+ rlpkg ${PKGSET};
+ fi
fi
}
