From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 95AC11389E2 for ; Wed, 26 Nov 2014 08:40:55 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 69677E0884; Wed, 26 Nov 2014 08:40:53 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1D8B6E0884 for ; Wed, 26 Nov 2014 08:40:53 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id EDA54340585 for ; Wed, 26 Nov 2014 08:40:51 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 98F0CAEFB for ; Wed, 26 Nov 2014 08:40:50 +0000 (UTC) From: "Zac Medico" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Zac Medico" Message-ID: <1416991094.bcac54411c462aa59fe874325e4843f61dc71312.zmedico@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: bin/ X-VCS-Repository: proj/portage X-VCS-Files: bin/misc-functions.sh X-VCS-Directories: bin/ X-VCS-Committer: zmedico X-VCS-Committer-Name: Zac Medico X-VCS-Revision: bcac54411c462aa59fe874325e4843f61dc71312 X-VCS-Branch: master Date: Wed, 26 Nov 2014 08:40:50 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 5d5d2a47-9280-472a-8392-e900b4858da4 X-Archives-Hash: 75f4d262340d8a712df0bc10011559aa commit: bcac54411c462aa59fe874325e4843f61dc71312 Author: Sven Vermeulen siphos be> AuthorDate: Sun Nov 23 16:10:50 2014 +0000 Commit: Zac Medico gentoo org> CommitDate: Wed Nov 26 08:38:14 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=bcac5441 Force the SELinux user during relabel operation (530192) When Portage relabels the files of the package, it currently calls setfiles (which is correct) but does not use the -F option (force). As a result, the files only get assigned the right SELinux type, but not the right SELinux user and SELinux role. By using "setfiles -F", the SELinux user (and role, but role almost always remains "object_r") is set to the right one (system_u mostly). Without this, a multi-user system with different SELinux users and with User Based Access Control (UBAC) enabled (the local "ubac" USE flag) might find that some software fails to work for different SELinux users than the one used to install the software, until a full forced relabel operation is done. X-Gentoo-Bug: 530192 X-Gentoo-Url: https://bugs.gentoo.org/show_bug.cgi?id=530192 Acked-by: Zac Medico gentoo.org> --- bin/misc-functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh index 6e6fcb4..8d5df78 100755 --- a/bin/misc-functions.sh +++ b/bin/misc-functions.sh @@ -392,7 +392,7 @@ preinst_selinux_labels() { addwrite /selinux/context addwrite /sys/fs/selinux/context - /usr/sbin/setfiles "${file_contexts_path}" -r "${D}" "${D}" + /usr/sbin/setfiles -F "${file_contexts_path}" -r "${D}" "${D}" ) || die "Failed to set SELinux security labels." else # nonfatal, since merging can happen outside a SE kernel