Merge pull request #1470 from marineam/selinux

Another round of SELinux fixes
2025-08-22 15:01:00 +02:00 · 2015-08-14 18:23:04 -07:00 · 2015-08-14 18:23:04 -07:00 · fb9b323483
commit fb9b323483
parent 1076ef2b7a 9ea1691350
6 changed files with 16 additions and 6 deletions
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r20.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r20.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild
@ -40,4 +40,11 @@ DEPEND="
 	sys-fs/cryptsetup
 	dev-rust/cargo
 	"
+
+# Must match the build-time dependencies listed in selinux-policy-2.eclass
+DEPEND="${DEPEND}
+	>=sys-apps/checkpolicy-2.0.21
+	>=sys-apps/policycoreutils-2.0.82
+	sys-devel/m4"
+
 RDEPEND="${DEPEND}"
--- a/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/selinux-policy-2.eclass
@ -232,7 +232,7 @@ selinux-policy-2_src_compile() {
 			# Parallel builds are broken in 2.20140311-r7 and earlier, bug 530178
 			emake -j1 NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 		else
-			emake NAME=$i BINDIR="${ROOT}/usr/bin" SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
+			emake NAME=$i SHAREDIR="${ROOT}/usr/share/selinux" -C "${S}"/${i} || die "${i} compile failed"
 		fi
 	done
 }
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/package.use
@ -0,0 +1,6 @@
+# Enable SELinux for amd64 targets
+coreos-base/coreos	    selinux
+sys-apps/dbus               selinux
+sys-apps/systemd            selinux
+sys-kernel/coreos-kernel    selinux
+
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
@ -3,7 +3,6 @@

 app-admin/rsyslog	-ssl
 app-editors/vim		minimal
-coreos-base/coreos	selinux
 dev-lang/python		-berkdb gdbm
 dev-libs/dbus-glib	tools
 dev-libs/elfutils	-utils
@ -16,17 +15,15 @@ net-misc/dhcp	        -server
 net-misc/iperf		threads
 net-misc/ntp            caps
 sys-apps/busybox	-pam -selinux
-sys-apps/dbus		selinux
 sys-apps/smartmontools	minimal
 sys-block/parted        device-mapper
 sys-fs/lvm2		-lvm1 -readline
-sys-kernel/coreos-kernel selinux
 sys-libs/ncurses	minimal
 sys-libs/pam        -berkdb
 sys-libs/gdbm		berkdb

 # enable journal gateway and container features, avoid pulling in gnutls
-sys-apps/systemd audit importd http nat -ssl selinux
+sys-apps/systemd audit importd http nat -ssl

 net-libs/libmicrohttpd -ssl

--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-2.4-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/policycoreutils/policycoreutils-2.4-r2.ebuild
@ -109,7 +109,7 @@ src_compile() {
 			INOTIFYH="$(usex dbus)" \
 			SESANDBOX="n" \
 			CC="$(tc-getCC)" \
-			PREFIX="${ROOT}" \
+			DESTDIR="${ROOT}" \
 			PYLIBVER="${EPYTHON}" \
 			LIBDIR="\$(PREFIX)/$(get_libdir)"
 	}