commit: 5a7cc0acb21bb44c8246d8fc11bdf3823f921b3b
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 12 00:34:04 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Nov 13 04:49:06 2021 +0000
URL: https://gitweb.gentoo.org/proj/gcc-config.git/commit/?id=5a7cc0ac
gcc-config: Check writability in env.d instead of EROOT

SELinux blocks access to / so gcc-config fails even though the required
dirs are writable. Adding SELinux rules to allow writing to / is pretty
undesirable. The best is to check for writability in the actual dirs
that gcc-config needs to write.

It should be sufficient to check only one dir instead of every dir,
since the check for only EROOT has been sufficient in the past.

avc: denied { write } for pid=17173 comm="gcc-config" name="/" dev="zfs"
ino=34 scontext=staff_u:sysadm_r:gcc_config_t:s0-s0:c0.c1023
tcontext=system_u:object_r:root_t:s0 tclass=dir

Bug: https://github.com/perfinion/hardened-refpolicy/pull/20
Bug: https://bugs.gentoo.org/823203
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
Signed-off-by: Sam James <sam <AT> gentoo.org>
gcc-config | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gcc-config b/gcc-config
index 6b2a1a7..70bb388 100755
--- a/gcc-config
+++ b/gcc-config
@@ -668,7 +668,7 @@ switch_profile() {
# Make sure we have write access to the dirs. Do not require `root`
# so that we work with prefix/cross/etc... setups that run as user.
- [[ ! -w ${EROOT} ]] && die "need write access to ${EROOT}"
+ [[ ! -w ${ENV_D} ]] && die "need write access to ${ENV_D}"
if is_cross_compiler ; then
ebegin "Switching cross-compiler to ${CC_COMP}"
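Review bot: The comment above the changed line still says "write access to the dirs", but the new test covers only ${ENV_D}, so the comment should state that ${ENV_D} stands in for the other directories switch_profile() writes to. Since `-w` is also false when the path does not exist, a missing ${ENV_D} would be reported as "need write access to ${ENV_D}"; a separate `-d` test with its own message would make that case easier to diagnose. Any later write outside ${ENV_D} is no longer covered by this early exit and needs to fail cleanly on its own rather than leave a half-switched profile.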