From 58294f287ff60afaa58af9a92a2c1846dd5792eb Mon Sep 17 00:00:00 2001 From: Thilo Fromm Date: Wed, 15 Dec 2021 17:59:40 +0100 Subject: [PATCH] sys-apps/policycoreutils: update correct SELinux store The policycoreutils ebuild calls `semodule` in postinst to update SELinux stores. It does not, however, tells `semodule` the correct ROOT to use, so builds that go into `/build/[arch]-usr` end up updating the SDK's store. Fixes libsemanage.semanage_commit_sandbox: Error while renaming /var/lib/selinux/targeted/active to /var/lib/selinux/targeted/previous. (Invalid cross-device link) observed when using the SDK Container to build the OS image. It now also updates the correct store, which it previously did not. --- .../sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild index f0d8ad028c..eb88ffc6cb 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild @@ -219,7 +219,7 @@ pkg_postinst() { for POLICY_TYPE in ${POLICY_TYPES} ; do # There have been some changes to the policy store, rebuilding now. # https://marc.info/?l=selinux&m=143757277819717&w=2 - einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)." - semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" + einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT}' (without re-loading)." + semodule -S "${ROOT}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}" done }