sys-apps/policycoreutils: update correct SELinux store

The policycoreutils ebuild calls `semodule` in postinst to update SELinux stores. It does not, however, tells `semodule` the correct ROOT to use, so builds that go into `/build/[arch]-usr` end up updating the SDK's store. Fixes libsemanage.semanage_commit_sandbox: Error while renaming /var/lib/selinux/targeted/active to /var/lib/selinux/targeted/previous. (Invalid cross-device link) observed when using the SDK Container to build the OS image. It now also updates the correct store, which it previously did not.
2025-10-02 11:01:14 +02:00 · 2021-12-15 17:59:40 +01:00 · 2021-12-15 17:59:40 +01:00 · 58294f287f
commit 58294f287f
parent 46f9a0bdda
1 changed files with 2 additions and 2 deletions
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
@ -219,7 +219,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT}' (without re-loading)."
+		semodule -S "${ROOT}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }