From 673f166013b66bb62dbd11e39cd9994bd77ca4b7 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Mon, 24 Aug 2015 16:26:04 -0700 Subject: [PATCH] Ensure that selinux policy is installed in correct location Failing to explicitly set the selinux policy store to operate on may result in semodule installing the policy in an incorrect location. Pass it on the command line in order to avoid this. --- build_library/build_image_util.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh index f838b83337..03b681aac2 100755 --- a/build_library/build_image_util.sh +++ b/build_library/build_image_util.sh @@ -321,7 +321,7 @@ finish_image() { # Build the selinux policy if pkg_use_enabled coreos-base/coreos selinux; then - sudo chroot "${root_fs_dir}" bash -c "cd /usr/share/selinux/mcs && semodule -i *.pp" + sudo chroot "${root_fs_dir}" bash -c "cd /usr/share/selinux/mcs && semodule -s mcs -i *.pp" fi # We only need to disable rw and apply dm-verity in prod with a /usr partition