Merge pull request #1331 from mjg59/selinux

Remove calls to host tools during selinux policy build
2025-08-22 06:51:26 +02:00 · 2015-07-01 13:41:07 -07:00 · 2015-07-01 13:41:07 -07:00 · f29fae2428
commit f29fae2428
parent 601e5f58c0 7d9e123f97
3 changed files with 4 additions and 98 deletions
--- a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
@ -122,7 +122,7 @@ case "${EAPI:-0}" in
 	*) : ;;
 esac

-EXPORT_FUNCTIONS "src_unpack src_prepare src_compile src_install pkg_postinst pkg_postrm"
+EXPORT_FUNCTIONS "src_unpack src_prepare src_compile src_install pkg_postrm"

 # @FUNCTION: selinux-policy-2_src_unpack
 # @DESCRIPTION:
@ -232,7 +232,7 @@ selinux-policy-2_src_compile() {
 			# Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
 			emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 		else
-			emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
+			emake NAME=$i BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 		fi
 	done
 }
@ -259,74 +259,6 @@ selinux-policy-2_src_install() {
 	done
 }

-# @FUNCTION: selinux-policy-2_pkg_postinst
-# @DESCRIPTION:
-# Install the built .pp files in the SELinux policy stores, effectively
-# activating the policy on the system.
-selinux-policy-2_pkg_postinst() {
-	# build up the command in the case of multiple modules
-	local COMMAND
-	for i in ${MODS}; do
-		COMMAND="-i ${i}.pp ${COMMAND}"
-	done
-
-	for i in ${POLICY_TYPES}; do
-		if [ "${i}" == "strict" ] && [ "${MODS}" = "unconfined" ];
-		then
-			einfo "Ignoring loading of unconfined module in strict module store.";
-			continue;
-		fi
-		einfo "Inserting the following modules into the $i module store: ${MODS}"
-
-		cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
-		semodule -s ${i} ${COMMAND}
-		if [ $? -ne 0 ];
-		then
-			ewarn "SELinux module load failed. Trying full reload...";
-			if [ "${i}" == "targeted" ];
-			then
-				semodule -s ${i} -b base.pp -i $(ls *.pp | grep -v base.pp);
-			else
-				semodule -s ${i} -b base.pp -i $(ls *.pp | grep -v base.pp | grep -v unconfined.pp);
-			fi
-			if [ $? -ne 0 ];
-			then
-				ewarn "Failed to reload SELinux policies."
-				ewarn ""
-				ewarn "If this is *not* the last SELinux module package being installed,"
-				ewarn "then you can safely ignore this as the reloads will be retried"
-				ewarn "with other, recent modules."
-				ewarn ""
-				ewarn "If it is the last SELinux module package being installed however,"
-				ewarn "then it is advised to look at the error above and take appropriate"
-				ewarn "action since the new SELinux policies are not loaded until the"
-				ewarn "command finished succesfully."
-				ewarn ""
-				ewarn "To reload, run the following command from within /usr/share/selinux/${i}:"
-				ewarn "  semodule -b base.pp -i \$(ls *.pp | grep -v base.pp)"
-				ewarn "or"
-				ewarn "  semodule -b base.pp -i \$(ls *.pp | grep -v base.pp | grep -v unconfined.pp)"
-				ewarn "depending on if you need the unconfined domain loaded as well or not."
-			else
-				einfo "SELinux modules reloaded succesfully."
-			fi
-		else
-			einfo "SELinux modules loaded succesfully."
-		fi
-	done
-
-	# Relabel depending packages
-	PKGSET="";
-	if [ -x /usr/bin/qdepends ] ; then
-	  PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v "sec-policy/selinux-");
-	elif [ -x /usr/bin/equery ] ; then
-	  PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v "sec-policy/selinux-");
-	fi
-    if [ -n "${PKGSET}" ] ; then
-	  rlpkg ${PKGSET};
-	fi
-}
-
 # @FUNCTION: selinux-policy-2_pkg_postrm
 # @DESCRIPTION:
 # Uninstall the module(s) from the SELinux policy stores, effectively
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r5.ebuild
@ -99,7 +99,7 @@ src_prepare() {

 src_compile() {
 	for i in ${POLICY_TYPES}; do
-		emake SHAREDIR="${ROOT}/usr/share/selinux" NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+		emake BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" NAME=$i -C "${S}"/${i} || die "${i} compile failed"
 	done
 }

@ -115,29 +115,3 @@ src_install() {
 	done
 }

-pkg_postinst() {
-	# Override the command from the eclass, we need to load in base as well here
-	local COMMAND
-	for i in ${MODS}; do
-		COMMAND="-i ${i}.pp ${COMMAND}"
-	done
-
-	for i in ${POLICY_TYPES}; do
-		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
-
-		cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
-
-		semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
-	done
-
-	# Relabel depending packages
-	local PKGSET="";
-	if [ -x /usr/bin/qdepends ] ; then
-		PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
-	elif [ -x /usr/bin/equery ] ; then
-		PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
-	fi
-	if [ -n "${PKGSET}" ] ; then
-		rlpkg ${PKGSET};
-	fi
-}
--- a/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sec-policy/selinux-base/selinux-base-2.20141203-r5.ebuild
@ -123,7 +123,7 @@ src_compile() {

 	for i in ${POLICY_TYPES}; do
 		cd "${S}/${i}"
-		emake base || die "${i} compile failed"
+		emake base BINDIR="${ROOT}/usr/bin" || die "${i} compile failed"
 		if use doc; then
 			make html || die
 		fi