eclass/selinux-policy-2: Sync with Gentoo

Synced from Gentoo commit e129a067e6e23eb794af2716fa8ab0f04c651c8e.

Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
Flatcar Buildbot 2025-09-08 07:09:12 +00:00 committed by Krzesimir Nowak
parent 9b6083569a
commit 576677f440


@ -1,4 +1,4 @@
# Copyright 1999-2024 Gentoo Authors
# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Eclass for installing SELinux policy, and optionally
@ -104,15 +104,20 @@ fi
LICENSE="GPL-2"
SLOT="0"
S="${WORKDIR}/"
# @ECLASS_VARIABLE: PATCHBUNDLE
# @INTERNAL
# @DESCRIPTION:
# Path to Gentoo Hardened Refpol patch to apply on top of upstream
PATCHBUNDLE="${DISTDIR}/patchbundle-selinux-base-policy-${BASEPOL}.tar.bz2"
# Modules should always depend on at least the first release of the
# selinux-base-policy for which they are generated.
if [[ -n ${BASEPOL} ]]; then
RDEPEND=">=sys-apps/policycoreutils-2.0.82
RDEPEND=">=sys-apps/policycoreutils-2.5
>=sec-policy/selinux-base-policy-${BASEPOL}"
else
RDEPEND=">=sys-apps/policycoreutils-2.0.82
RDEPEND=">=sys-apps/policycoreutils-2.5
>=sec-policy/selinux-base-policy-${PV}"
fi
@ -279,15 +284,11 @@ selinux-policy-2_pkg_postinst() {
semodule ${root_opts} -s ${i} -i ${COMMAND}
if [[ $? -ne 0 ]]; then
ewarn "SELinux module load failed. Trying full reload...";
local COMMAND_base="-i base.pp"
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND_base="-b base.pp"
fi
if [[ "${i}" == "targeted" ]]; then
semodule ${root_opts} -s ${i} ${COMMAND_base} -i $(ls *.pp | grep -v base.pp);
semodule ${root_opts} -s ${i} -i *.pp
else
semodule ${root_opts} -s ${i} ${COMMAND_base} -i $(ls *.pp | grep -v base.pp | grep -v unconfined.pp);
semodule ${root_opts} -s ${i} -i $(ls *.pp | grep -v unconfined.pp);
fi
if [[ $? -ne 0 ]]; then
ewarn "Failed to reload SELinux policies."
@ -302,9 +303,9 @@ selinux-policy-2_pkg_postinst() {
ewarn "command finished successfully."
ewarn ""
ewarn "To reload, run the following command from within /usr/share/selinux/${i}:"
ewarn " semodule ${COMMAND_base} -i \$(ls *.pp | grep -v base.pp)"
ewarn " semodule -i *.pp"
ewarn "or"
ewarn " semodule ${COMMAND_base} -i \$(ls *.pp | grep -v base.pp | grep -v unconfined.pp)"
ewarn " semodule -i \$(ls *.pp | grep -v unconfined.pp)"
ewarn "depending on if you need the unconfined domain loaded as well or not."
else
einfo "SELinux modules reloaded successfully."
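Review bot: In the `@ -279,15 +284,11 @@` hunk the rewritten non-targeted fallback still builds its module list with `$(ls *.pp | grep -v unconfined.pp)`, which parses ls output (ShellCheck SC2010), word-splits the result, and — because the pattern is an unanchored regex — would also drop any other file whose name happens to contain that substring; since the commit already rewrote both fallback lines to drop the `base.pp` special case, this is the moment to replace the ls parsing with a glob loop and pass the list as a quoted array, as below. The targeted branch's new `-i *.pp` is a plain glob and needs no change; note that both forms hand semodule the literal pattern when the directory holds no .pp file, which the existing `if [[ $? -ne 0 ]]` check after the `fi` then reports, so no extra guard is needed. `${root_opts}` should stay unquoted as it appears to carry several options. The enclosing selinux-policy-2_pkg_postinst begins before this hunk.
```shell
if [[ "${i}" == "targeted" ]]; then
    semodule ${root_opts} -s ${i} -i *.pp
else
    # Build the module list with a glob instead of parsing ls output;
    # only unconfined.pp itself is skipped, not any name containing it.
    local -a modules=()
    for module in *.pp; do
        [[ ${module} == unconfined.pp ]] || modules+=("${module}")
    done
    semodule ${root_opts} -s ${i} -i "${modules[@]}"
fi
# … unchanged: exit-status check and ewarn messages …
```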