author | Mike Frysinger <vapier@gentoo.org> | 2006-01-30 04:19:01 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2006-01-30 04:19:01 +0000 |
commit | eb2b07ef27bc8f790e2ab280bbd19a012841f9cf (patch) | |
tree | 95212abd614f2e1f7f6a4453ce23cb6a78009d49 | |
parent | 8bf811c09e5247e449c9b7f10c74ba6249cb93f2 (diff) | |
Chris PeBenito writes in #110857 for SELinux updates:
1) change ebuild.sh code to use selinux configuration to determine where the
file contexts are, rather than a setting in make.conf.
2) change portage support to a FEATURE rather than USE. This enables the user
to disable the portage support if their setup is broken, while still enabling
selinux support in any packages they might merge. I was going to submit a patch
for portage.py, but the place it needs to be changed (line 7234 in rev
1.524.2.76/2.0.53_rc6), features (the variable) isn't filled yet, so I was
unsure of the proper fix.
svn path=/main/trunk/; revision=2606
-rwxr-xr-x | bin/ebuild.sh | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh index d64969e65..ff11a8b58 100755 --- a/bin/ebuild.sh +++ b/bin/ebuild.sh @@ -1332,20 +1332,19 @@ dyn_preinst() { fi # SELinux file labeling (needs to always be last in dyn_preinst) - if useq selinux; then + if hasq selinux ${FEATURES} ; then # only attempt to label if setfiles is executable # and 'context' is available on selinuxfs. - if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then + if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then echo ">>> Setting SELinux security labels" - if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then - cp -f "${POLICYDIR}/file_contexts/file_contexts" "${T}" - else - make -C "${POLICYDIR}" FC=${T}/file_contexts "${T}/file_contexts" - fi + ( + eval "$(/usr/sbin/selinuxconfig)" || \ + die "Failed to determine SELinux policy paths."; + + addwrite /selinux/context; - addwrite /selinux/context - /usr/sbin/setfiles -r "${IMAGE}" "${T}/file_contexts" "${IMAGE}" \ - || die "Failed to set SELinux security labels." + /usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}"; + ) || die "Failed to set SELinux security labels." else # nonfatal, since merging can happen outside a SE kernel # like during a recovery situation |
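Review bot: The `|| die "Failed to determine SELinux policy paths."` after `eval "$(/usr/sbin/selinuxconfig)"` never sees selinuxconfig's own exit status, because eval returns the status of the text it evaluates and returns zero when that text is empty. If selinuxconfig fails or prints nothing, `file_contexts_path` keeps whatever value the calling environment already held (possibly none), and that value is passed to setfiles as the spec file. Clearing the variable first and testing it afterwards closes the gap: `unset file_contexts_path` before the eval and `[ -n "${file_contexts_path}" ] || die "Failed to determine SELinux policy paths."` after it. Since the eval executes whatever selinuxconfig prints, a one-line comment stating that its output is trusted as shell variable assignments would also help later readers. dyn_preinst's body starts and ends outside the hunk.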