selinux-policy: do not execute binaries under $ROOT

Run-time binaries must be provided by the SDK, dynamic libraries or the entire architecture may be different under the target $ROOT. I have no idea if selinux can be built cross-architecture though, if not this may need to be revisited with qemu.
2025-08-22 15:01:00 +02:00 · 2015-08-14 17:25:43 -07:00 · 2015-08-14 17:25:43 -07:00 · eb258f2da7
commit eb258f2da7
parent 8fed02d826
3 changed files with 8 additions and 1 deletions
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r20.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r20.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
@ -40,4 +40,11 @@ DEPEND="
 	sys-fs/cryptsetup
 	dev-rust/cargo
 	"
+
+# Must match the build-time dependencies listed in selinux-policy-2.eclass
+DEPEND="${DEPEND}
+	>=sys-apps/checkpolicy-2.0.21
+	>=sys-apps/policycoreutils-2.0.82
+	sys-devel/m4"
+
 RDEPEND="${DEPEND}"
--- a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
@ -232,7 +232,7 @@ selinux-policy-2_src_compile() {
 			# Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
 			emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 		else
-			emake NAME=$i BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
+			emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 		fi
 	done
 }