diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass index 4f7ed94795..aef0e1b419 100644 --- a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass +++ b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass @@ -122,7 +122,7 @@ case "${EAPI:-0}" in *) : ;; esac -EXPORT_FUNCTIONS "src_unpack src_prepare src_compile src_install pkg_postinst pkg_postrm" +EXPORT_FUNCTIONS "src_unpack src_prepare src_compile src_install pkg_postrm" # @FUNCTION: selinux-policy-2_src_unpack # @DESCRIPTION: @@ -232,7 +232,7 @@ selinux-policy-2_src_compile() { # Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178 emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed" else - emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed" + emake NAME=$i BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed" fi done } 
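Review bot: Dropping `pkg_postinst` from `EXPORT_FUNCTIONS` leaves `pkg_postrm` exported, so the eclass keeps a removal phase for modules it no longer inserts at install time. The commit also deletes the function itself and the override in selinux-base-policy, so the `semodule` load and the `rlpkg` relabel of dependent packages no longer run anywhere visible in this diff. If the policy store is populated at another stage, nothing here says so. A comment above the line would stop a later maintainer from assuming the policy is active after install, for example `# pkg_postinst intentionally not exported: modules are not loaded or relabelled at merge time (see <where the store is built>)`. The body of `selinux-policy-2_pkg_postrm` lies outside the hunks, so whether it tolerates a module that was never loaded should be checked.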
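Review bot: `BINDIR="${ROOT}/usr/bin"` is added only to the `else` branch, so the `emake -j1` call two lines above (the path for older policy versions) still builds without it and presumably falls back to the policy Makefile's default tool directory. If the override is needed, both calls should carry it: `emake -j1 NAME=$i BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"`. The same assignment is added in the `src_compile` hunks of selinux-base-policy and selinux-base, also without a comment. If the intent is to use the tools under the target root, a one-line `# use the policy tools under ${ROOT}, not the build host's` would document it. `selinux-policy-2_src_compile` starts outside the hunk.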
@@ -259,74 +259,6 @@ selinux-policy-2_src_install() { done } -# @FUNCTION: selinux-policy-2_pkg_postinst -# @DESCRIPTION: -# Install the built .pp files in the SELinux policy stores, effectively -# activating the policy on the system. -selinux-policy-2_pkg_postinst() { - # build up the command in the case of multiple modules - local COMMAND - for i in ${MODS}; do - COMMAND="-i ${i}.pp ${COMMAND}" - done - - for i in ${POLICY_TYPES}; do - if [ "${i}" == "strict" ] && [ "${MODS}" = "unconfined" ]; - then - einfo "Ignoring loading of unconfined module in strict module store."; - continue; - fi - einfo "Inserting the following modules into the $i module store: ${MODS}" - - cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" - semodule -s ${i} ${COMMAND} - if [ $? -ne 0 ]; - then - ewarn "SELinux module load failed. Trying full reload..."; - if [ "${i}" == "targeted" ]; - then - semodule -s ${i} -b base.pp -i $(ls *.pp | grep -v base.pp); - else - semodule -s ${i} -b base.pp -i $(ls *.pp | grep -v base.pp | grep -v unconfined.pp); - fi - if [ $? -ne 0 ]; - then - ewarn "Failed to reload SELinux policies." - ewarn "" - ewarn "If this is *not* the last SELinux module package being installed," - ewarn "then you can safely ignore this as the reloads will be retried" - ewarn "with other, recent modules." - ewarn "" - ewarn "If it is the last SELinux module package being installed however," - ewarn "then it is advised to look at the error above and take appropriate" - ewarn "action since the new SELinux policies are not loaded until the" - ewarn "command finished succesfully." - ewarn "" - ewarn "To reload, run the following command from within /usr/share/selinux/${i}:" - ewarn " semodule -b base.pp -i \$(ls *.pp | grep -v base.pp)" - ewarn "or" - ewarn " semodule -b base.pp -i \$(ls *.pp | grep -v base.pp | grep -v unconfined.pp)" - ewarn "depending on if you need the unconfined domain loaded as well or not." 
- else - einfo "SELinux modules reloaded succesfully." - fi - else - einfo "SELinux modules loaded succesfully." - fi - done - - # Relabel depending packages - PKGSET=""; - if [ -x /usr/bin/qdepends ] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v "sec-policy/selinux-"); - elif [ -x /usr/bin/equery ] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v "sec-policy/selinux-"); - fi - if [ -n "${PKGSET}" ] ; then - rlpkg ${PKGSET}; - fi -} - # @FUNCTION: selinux-policy-2_pkg_postrm # @DESCRIPTION: # Uninstall the module(s) from the SELinux policy stores, effectively diff --git a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild index 7ea9eee154..6e0b7b78db 100644 --- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild @@ -99,7 +99,7 @@ src_prepare() { src_compile() { for i in ${POLICY_TYPES}; do - emake SHAREDIR="${ROOT}/usr/share/selinux" NAME=$i -C "${S}"/${i} || die "${i} compile failed" + emake BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" NAME=$i -C "${S}"/${i} || die "${i} compile failed" done } 
@@ -115,29 +115,3 @@ src_install() { done } -pkg_postinst() { - # Override the command from the eclass, we need to load in base as well here - local COMMAND - for i in ${MODS}; do - COMMAND="-i ${i}.pp ${COMMAND}" - done - - for i in ${POLICY_TYPES}; do - einfo "Inserting the following modules, with base, into the $i module store: ${MODS}" - - cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}" - - semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store" - done - - # Relabel depending packages - local PKGSET=""; - if [ -x /usr/bin/qdepends ] ; then - PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - elif [ -x /usr/bin/equery ] ; then - PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-'); - fi - if [ -n "${PKGSET}" ] ; then - rlpkg ${PKGSET}; - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild index 4683dcd6b1..eaa64ca17a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild @@ -123,7 +123,7 @@ src_compile() { for i in ${POLICY_TYPES}; do cd "${S}/${i}" - emake base || die "${i} compile failed" + emake base BINDIR="${ROOT}/usr/bin" || die "${i} compile failed" if use doc; then make html || die fi