authorMike Frysinger <vapier@gentoo.org>2006-01-30 04:19:01 +0000
committerMike Frysinger <vapier@gentoo.org>2006-01-30 04:19:01 +0000
commiteb2b07ef27bc8f790e2ab280bbd19a012841f9cf (patch)
tree95212abd614f2e1f7f6a4453ce23cb6a78009d49
parent8bf811c09e5247e449c9b7f10c74ba6249cb93f2 (diff)
Chris PeBenito writes in #110857 for SELinux updates:
1) change ebuild.sh code to use selinux configuration to determine where the file contexts are, rather than a setting in make.conf. 2) change portage support to a FEATURE rather than USE. This enables the user to disable the portage support if their setup is broken, while still enabling selinux support in any packages they might merge. I was going to submit a patch for portage.py, but the place it needs to be changed (line 7234 in rev 1.524.2.76/2.0.53_rc6), features (the variable) isn't filled yet, so I was unsure of the proper fix. svn path=/main/trunk/; revision=2606
-rwxr-xr-xbin/ebuild.sh19
1 files changed, 9 insertions, 10 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index d64969e65..ff11a8b58 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -1332,20 +1332,19 @@ dyn_preinst() {
fi
# SELinux file labeling (needs to always be last in dyn_preinst)
- if useq selinux; then
+ if hasq selinux ${FEATURES} ; then
# only attempt to label if setfiles is executable
# and 'context' is available on selinuxfs.
- if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then
+ if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then
echo ">>> Setting SELinux security labels"
- if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then
- cp -f "${POLICYDIR}/file_contexts/file_contexts" "${T}"
- else
- make -C "${POLICYDIR}" FC=${T}/file_contexts "${T}/file_contexts"
- fi
+ (
+ eval "$(/usr/sbin/selinuxconfig)" || \
+ die "Failed to determine SELinux policy paths.";
+
+ addwrite /selinux/context;
- addwrite /selinux/context
- /usr/sbin/setfiles -r "${IMAGE}" "${T}/file_contexts" "${IMAGE}" \
- || die "Failed to set SELinux security labels."
+ /usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}";
+ ) || die "Failed to set SELinux security labels."
else
# nonfatal, since merging can happen outside a SE kernel
# like during a recovery situation
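Review bot: The `|| die` attached to `eval "$(/usr/sbin/selinuxconfig)"` cannot detect a failing selinuxconfig, because a command substitution that prints nothing leaves `eval` with an empty argument and `eval` then returns 0. The subshell would continue with `file_contexts_path` unset, and the merge would stop only if setfiles rejects the empty spec-file argument, with the less specific "Failed to set SELinux security labels." message. I would add an explicit check between the eval and the setfiles call, `[ -r "${file_contexts_path}" ] || die "Failed to determine SELinux policy paths."`, so labeling never runs on an undetermined path. The eval also runs whatever that binary prints, with the privileges of the merge, so a comment such as `# selinuxconfig output is trusted: it is executed as shell code` would record that assumption. dyn_preinst begins before this hunk and its body continues past it.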