summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Zaman <perfinion@gentoo.org>2018-06-09 12:07:41 +0800
committerJason Zaman <perfinion@gentoo.org>2018-06-09 12:27:04 +0800
commit8f88bc159a81c30c0d49aad62cfe63df5a0d9815 (patch)
treed81a9c641ec9ef465a55a091a7c456c28525d880 /sec-policy
parentx11-apps/xkbcomp: Version bump 1.4.2 (diff)
downloadgentoo-8f88bc159a81c30c0d49aad62cfe63df5a0d9815.tar.gz
gentoo-8f88bc159a81c30c0d49aad62cfe63df5a0d9815.tar.bz2
gentoo-8f88bc159a81c30c0d49aad62cfe63df5a0d9815.zip
sec-policy/selinux-base-policy: Fix policy load when cross compiling
Package-Manager: Portage-2.3.40, Repoman-2.3.9
Diffstat (limited to 'sec-policy')
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild34
-rw-r--r--sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild34
2 files changed, 44 insertions, 24 deletions
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
index ffcbe80f607c..b2976ccee54b 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20180114-r2.ebuild
@@ -22,6 +22,7 @@ IUSE="systemd +unconfined"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+RDEPEND="$DEPEND"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
@@ -74,7 +75,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
- emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i} || die "${i} compile failed"
done
}
@@ -91,6 +92,12 @@ src_install() {
}
pkg_postinst() {
+ # Set root path and don't load policy into the kernel when cross compiling
+ local root_opts=""
+ if [[ "${ROOT%/}" != "" ]]; then
+ root_opts="-p ${ROOT%/} -n"
+ fi
+
# Override the command from the eclass, we need to load in base as well here
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
@@ -104,19 +111,22 @@ pkg_postinst() {
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
- cd /usr/share/selinux/${i}
+ cd "${ROOT%/}/usr/share/selinux/${i}"
- semodule -s ${i} ${COMMAND}
+ semodule ${root_opts} -s ${i} ${COMMAND}
done
- # Relabel depending packages
- local PKGSET="";
- if [[ -x /usr/bin/qdepends ]] ; then
- PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
- elif [[ -x /usr/bin/equery ]] ; then
- PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
- fi
- if [[ -n "${PKGSET}" ]] ; then
- rlpkg ${PKGSET};
+ # Don't relabel when cross compiling
+ if [[ "${ROOT%/}" == "" ]]; then
+ # Relabel depending packages
+ local PKGSET="";
+ if [[ -x /usr/bin/qdepends ]] ; then
+ PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ elif [[ -x /usr/bin/equery ]] ; then
+ PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ fi
+ if [[ -n "${PKGSET}" ]] ; then
+ rlpkg ${PKGSET};
+ fi
fi
}
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
index ffcbe80f607c..b2976ccee54b 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-9999.ebuild
@@ -22,6 +22,7 @@ IUSE="systemd +unconfined"
PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
DEPEND="=sec-policy/selinux-base-${PVR}[systemd?]"
+RDEPEND="$DEPEND"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
@@ -74,7 +75,7 @@ src_prepare() {
src_compile() {
for i in ${POLICY_TYPES}; do
- emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+ emake NAME=$i SHAREDIR="${ROOT%/}"/usr/share/selinux -C "${S}"/${i} || die "${i} compile failed"
done
}
@@ -91,6 +92,12 @@ src_install() {
}
pkg_postinst() {
+ # Set root path and don't load policy into the kernel when cross compiling
+ local root_opts=""
+ if [[ "${ROOT%/}" != "" ]]; then
+ root_opts="-p ${ROOT%/} -n"
+ fi
+
# Override the command from the eclass, we need to load in base as well here
local COMMAND="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
@@ -104,19 +111,22 @@ pkg_postinst() {
for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
- cd /usr/share/selinux/${i}
+ cd "${ROOT%/}/usr/share/selinux/${i}"
- semodule -s ${i} ${COMMAND}
+ semodule ${root_opts} -s ${i} ${COMMAND}
done
- # Relabel depending packages
- local PKGSET="";
- if [[ -x /usr/bin/qdepends ]] ; then
- PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
- elif [[ -x /usr/bin/equery ]] ; then
- PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
- fi
- if [[ -n "${PKGSET}" ]] ; then
- rlpkg ${PKGSET};
+ # Don't relabel when cross compiling
+ if [[ "${ROOT%/}" == "" ]]; then
+ # Relabel depending packages
+ local PKGSET="";
+ if [[ -x /usr/bin/qdepends ]] ; then
+ PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ elif [[ -x /usr/bin/equery ]] ; then
+ PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+ fi
+ if [[ -n "${PKGSET}" ]] ; then
+ rlpkg ${PKGSET};
+ fi
fi
}