From: "Zac Medico" <zmedico@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" <zmedico@gentoo.org>
Message-ID: <1416991094.bcac54411c462aa59fe874325e4843f61dc71312.zmedico@gentoo>
Subject: [gentoo-commits] proj/portage:master commit in: bin/
X-VCS-Repository: proj/portage
X-VCS-Files: bin/misc-functions.sh
X-VCS-Directories: bin/
X-VCS-Committer: zmedico
X-VCS-Committer-Name: Zac Medico
X-VCS-Revision: bcac54411c462aa59fe874325e4843f61dc71312
X-VCS-Branch: master
Date: Wed, 26 Nov 2014 08:40:50 +0000 (UTC)

commit:     bcac54411c462aa59fe874325e4843f61dc71312
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Nov 23 16:10:50 2014 +0000
Commit:     Zac Medico <zmedico <AT> gentoo <DOT> org>
CommitDate: Wed Nov 26 08:38:14 2014 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=bcac5441

Force the SELinux user during relabel operation (530192)

When Portage relabels the files of the package, it currently calls
setfiles (which is correct) but does not use the -F option (force). As a
result, the files only get assigned the right SELinux type, but not the
right SELinux user and SELinux role.

By using "setfiles -F", the SELinux user (and role, but role almost
always remains "object_r") is set to the right one (system_u mostly).

Without this, a multi-user system with different SELinux users and with
User Based Access Control (UBAC) enabled (the local "ubac" USE flag)
might find that some software fails to work for different SELinux users
than the one used to install the software, until a full forced relabel
operation is done.

X-Gentoo-Bug: 530192
X-Gentoo-Url: https://bugs.gentoo.org/show_bug.cgi?id=530192
Acked-by: Zac Medico <zmedico <AT> gentoo.org>

---
 bin/misc-functions.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 6e6fcb4..8d5df78 100755
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -392,7 +392,7 @@ preinst_selinux_labels() {
 				addwrite /selinux/context
 				addwrite /sys/fs/selinux/context
 
-				/usr/sbin/setfiles "${file_contexts_path}" -r "${D}" "${D}"
+				/usr/sbin/setfiles -F "${file_contexts_path}" -r "${D}" "${D}"
 			) || die "Failed to set SELinux security labels."
 		else
 			# nonfatal, since merging can happen outside a SE kernel
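Review bot: the `-F` added to the `setfiles` call in `preinst_selinux_labels()` carries no in-code explanation, so a single-letter flag that the commit message treats as essential is easy to drop in a later cleanup. Suggest a short comment directly above the line saying that force is required so the SELinux user and role are reset as well as the type, with a pointer to bug 530192. The same comment could note that the call is limited to the image directory by `-r "${D}" "${D}"`, which makes clear the forced relabel does not reach the live filesystem at this step. The `die` message is unchanged and still does not say which tree failed to label; including `${D}` in it would help when triaging a failed merge.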