eclass/selinux-policy-2: Sync with Gentoo

It's from Gentoo commit e129a067e6e23eb794af2716fa8ab0f04c651c8e.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
Flatcar Buildbot 2025-09-08 07:09:12 +00:00 committed by Krzesimir Nowak
parent 9b6083569a
commit 576677f440


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors # Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# Eclass for installing SELinux policy, and optionally # Eclass for installing SELinux policy, and optionally
@ -104,15 +104,20 @@ fi
LICENSE="GPL-2" LICENSE="GPL-2"
SLOT="0" SLOT="0"
S="${WORKDIR}/" S="${WORKDIR}/"
# @ECLASS_VARIABLE: PATCHBUNDLE
# @INTERNAL
# @DESCRIPTION:
# Path to Gentoo Hardened Refpol patch to apply on top of upstream
PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2" PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
# Modules should always depend on at least the first release of the # Modules should always depend on at least the first release of the
# selinux-base-policy for which they are generated. # selinux-base-policy for which they are generated.
if [[ -n ${BASEPOL} ]]; then if [[ -n ${BASEPOL} ]]; then
RDEPEND=">=sys-apps/policycoreutils-2.0.82 RDEPEND=">=sys-apps/policycoreutils-2.5
>=sec-policy/selinux-base-policy-${BASEPOL}" >=sec-policy/selinux-base-policy-${BASEPOL}"
else else
RDEPEND=">=sys-apps/policycoreutils-2.0.82 RDEPEND=">=sys-apps/policycoreutils-2.5
>=sec-policy/selinux-base-policy-${PV}" >=sec-policy/selinux-base-policy-${PV}"
fi fi
@ -279,15 +284,11 @@ selinux-policy-2_pkg_postinst() {
semodule ${root_opts} -s ${i} -i ${COMMAND} semodule ${root_opts} -s ${i} -i ${COMMAND}
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
ewarn "SELinux module load failed. Trying full reload..."; ewarn "SELinux module load failed. Trying full reload...";
local COMMAND_base="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND_base="-b base.pp"
fi
if [[ "${i}" == "targeted" ]]; then if [[ "${i}" == "targeted" ]]; then
semodule ${root_opts} -s ${i} ${COMMAND_base} -i $(ls *.pp | grep -v base.pp); semodule ${root_opts} -s ${i} -i *.pp
else else
semodule ${root_opts} -s ${i} ${COMMAND_base} -i $(ls *.pp | grep -v base.pp | grep -v unconfined.pp); semodule ${root_opts} -s ${i} -i $(ls *.pp | grep -v unconfined.pp);
fi fi
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
ewarn "Failed to reload SELinux policies." ewarn "Failed to reload SELinux policies."
@ -302,9 +303,9 @@ selinux-policy-2_pkg_postinst() {
ewarn "command finished successfully." ewarn "command finished successfully."
ewarn "" ewarn ""
ewarn "To reload, run the following command from within /usr/share/selinux/${i}:" ewarn "To reload, run the following command from within /usr/share/selinux/${i}:"
ewarn " semodule ${COMMAND_base} -i \$(ls *.pp | grep -v base.pp)" ewarn " semodule -i *.pp"
ewarn "or" ewarn "or"
ewarn " semodule ${COMMAND_base} -i \$(ls *.pp | grep -v base.pp | grep -v unconfined.pp)" ewarn " semodule -i \$(ls *.pp | grep -v unconfined.pp)"
ewarn "depending on if you need the unconfined domain loaded as well or not." ewarn "depending on if you need the unconfined domain loaded as well or not."
else else
einfo "SELinux modules reloaded successfully." einfo "SELinux modules reloaded successfully."
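Review bot: The non-targeted fallback in the @ -279 hunk, `semodule ${root_opts} -s ${i} -i $(ls *.pp | grep -v unconfined.pp);`, still builds the module list by parsing ls output through an unanchored regex, so `grep -v unconfined.pp` also drops any module whose filename merely contains that substring (the `.` matches any character), and the unquoted substitution word-splits the names. Since the targeted branch now relies on the shell glob directly, the same can be done here with a bash array: `local -a mods=()`, `for f in *.pp; do [[ ${f} == unconfined.pp ]] || mods+=("${f}"); done`, `semodule ${root_opts} -s ${i} -i "${mods[@]}"`. If the ls form is kept for brevity, `grep -vxF unconfined.pp` at least makes the exclusion a literal whole-line match. The user-facing hint in the @ -302 hunk (`ewarn " semodule -i \$(ls *.pp | grep -v unconfined.pp)"`) repeats the same pattern but is only advice text, so it can stay. The enclosing selinux-policy-2_pkg_postinst starts before the hunk and continues after it.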