From 6038166dc1f453372707e8fd557ecd571562447d Mon Sep 17 00:00:00 2001
From: Thilo Fromm <thilo@kinvolk.io>
Date: Thu, 16 Dec 2021 18:48:06 +0100
Subject: [PATCH] policycoreutils semodule fix: add bugfix changelog

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
---
 ...2021-12-16-policycoreutils-fix-semodule-postinst.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2021-12-16-policycoreutils-fix-semodule-postinst.md

diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2021-12-16-policycoreutils-fix-semodule-postinst.md b/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2021-12-16-policycoreutils-fix-semodule-postinst.md
new file mode 100644
index 0000000000..5dd37192db
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2021-12-16-policycoreutils-fix-semodule-postinst.md
@@ -0,0 +1,10 @@
+The policycoreutils ebuild calls semodule in postinst to update SELinux stores.
+It does not, however, tells semodule the correct ROOT to use, so builds that go into /build/[arch]-usr end up updating the SDK's store.
+This patch resolves the following error message:
+```
+$ emerge-amd64-usr policycoreutils
+[...]
+libsemanage.semanage_commit_sandbox: Error while renaming /var/lib/selinux/targeted/active to /var/lib/selinux/targeted/previous. (Invalid cross-device link)
+```
+The error is observed when using the SDK Container to build an OS image.
+The `semanage` run in policycoreutilsi' `postinst`  now also updates the correct store, which it previously did not.