Chris PeBenito writes in #110857 for SELinux updates:
authorMike Frysinger <vapier@gentoo.org>
Mon, 30 Jan 2006 04:19:01 +0000 (04:19 -0000)
committerMike Frysinger <vapier@gentoo.org>
Mon, 30 Jan 2006 04:19:01 +0000 (04:19 -0000)
1) change ebuild.sh code to use selinux configuration to determine where the
file contexts are, rather than a setting in make.conf.
2) change portage support to a FEATURE rather than USE.  This enables the user
to disable the portage support if their setup is broken, while still enabling
selinux support in any packages they might merge.  I was going to submit a patch
for portage.py, but the place it needs to be changed (line 7234 in rev
1.524.2.76/2.0.53_rc6), features (the variable) isn't filled yet, so I was
unsure of the proper fix.

svn path=/main/trunk/; revision=2606

bin/ebuild.sh

index d64969e6507c8206dacb42936c1362990331b091..ff11a8b589dc3a9c38ba3fcf123f2428c2570cca 100755 (executable)
@@ -1332,20 +1332,19 @@ dyn_preinst() {
        fi
 
        # SELinux file labeling (needs to always be last in dyn_preinst)
-       if useq selinux; then
+       if hasq selinux ${FEATURES} ; then
                # only attempt to label if setfiles is executable
                # and 'context' is available on selinuxfs.
-               if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then
+               if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then
                        echo ">>> Setting SELinux security labels"
-                       if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then
-                               cp -f "${POLICYDIR}/file_contexts/file_contexts" "${T}"
-                       else
-                               make -C "${POLICYDIR}" FC=${T}/file_contexts "${T}/file_contexts"
-                       fi
+                       (
+                               eval "$(/usr/sbin/selinuxconfig)" || \
+                                       die "Failed to determine SELinux policy paths.";
+
+                               addwrite /selinux/context;
 
-                       addwrite /selinux/context
-                       /usr/sbin/setfiles -r "${IMAGE}" "${T}/file_contexts" "${IMAGE}" \
-                               || die "Failed to set SELinux security labels."
+                               /usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}";
+                       ) || die "Failed to set SELinux security labels."
                else
                        # nonfatal, since merging can happen outside a SE kernel
                        # like during a recovery situation
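Review bot: The `|| die` attached to `eval "$(/usr/sbin/selinuxconfig)"` tests only eval's own status, so a selinuxconfig that fails or prints nothing still passes, because eval of an empty string returns 0. `file_contexts_path` (presumably set by the eval'd output) is then empty when setfiles runs. Since eval also executes whatever the helper prints, in the context of the merge, the result should be validated before use, for example `[ -f "${file_contexts_path}" ] || die "SELinux file_contexts not found: '${file_contexts_path}'"` placed just before the setfiles call. A short comment there noting that the subshell keeps the eval'd variables out of the ebuild environment would also help. dyn_preinst starts and ends outside this hunk.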