sys-apps/policycoreutils: update the right store#23332
sys-apps/policycoreutils: update the right store#23332t-lo wants to merge 1 commit intogentoo:masterfrom
Conversation
The policycoreutils ebuild calls 'semodule' in postinst to update
SELinux stores. It does not, however, tells semodule the correct ROOT
to use, so installing policycoreutils in a crossdev environment will
actually update the *host's* store.
This patch adds '-S "${ROOT:-/}"' to the 'semodule' call so the correct
environment is updated.
First seen + fixed in Flatcar Container Linux:
flatcar-archive/coreos-overlay#1502
Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
Pull Request assignmentSubmitter: @t-lo sys-apps/policycoreutils: @gentoo/selinux Linked bugsNo bugs to link found. If your pull request references any of the Gentoo bug reports, please add appropriate GLEP 66 tags to the commit message and request reassignment. If you do not receive any reply to this pull request, please open or link a bug to attract the attention of maintainers. In order to force reassignment and/or bug reference scan, please append Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide |
Pull request CI reportReport generated at: 2021-12-16 19:25 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
|
Nice catch & thank you for submitting this up to us! EDIT: Do wonder if we should be using -p for ${SYSROOT} or something but that's another issue. |
The policycoreutils ebuild calls
semoduleinpostinstto update SELinux stores. It does not, however, tells semodule the correct ROOT to use, so installingpolicycoreutilsin a crossdev environment will actually update the host's store.This patch adds
-S "${ROOT:-/}"to thesemodulecall so the correct environment is updated.First seen + fixed in Flatcar Container Linux: flatcar-archive/coreos-overlay#1502