sys-apps/policycoreutils: fix policy root path

root needs to be specified with -p instead of -S. The policy dir (-S) defaults to (-p) + /var/lib/selinux/ + (-s). Picked from upstream: 54a8322d18 Closes: https://github.com/flatcar-linux/Flatcar/issues/596 Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2025-08-31 19:31:07 +02:00 · 2022-01-13 16:48:00 +01:00 · 2022-01-13 16:48:00 +01:00 · 832bdb51fc
commit 832bdb51fc
parent 1cca5f4eeb
2 changed files with 2 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2022-01-13-policycoreutils-fix-root-path.md
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/bugfixes/2022-01-13-policycoreutils-fix-root-path.md
@ -0,0 +1 @@
+- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar-linux/Flatcar/issues/596))
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-3.1-r3.ebuild
@ -220,6 +220,6 @@ pkg_postinst() {
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
 		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
-		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		semodule -p "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }
				`@ -0,0 +1 @@`
				- Fixed leak of SELinux policy store to the root filesystem top directory due to wrong store path in `policycoreutils` instead of `/var/lib/selinux` ([flatcar-linux/Flatcar#596](https://github.com/flatcar-linux/Flatcar/issues/596))