From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1350418-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 6ADA5158086
	for <garchives@archives.gentoo.org>; Fri, 17 Dec 2021 05:16:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 8ADEBE0826;
	Fri, 17 Dec 2021 05:16:11 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 4EF78E0826
	for <gentoo-commits@lists.gentoo.org>; Fri, 17 Dec 2021 05:16:09 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 62FF0342F3C
	for <gentoo-commits@lists.gentoo.org>; Fri, 17 Dec 2021 05:16:08 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id CBAE714D
	for <gentoo-commits@lists.gentoo.org>; Fri, 17 Dec 2021 05:16:06 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1639718152.df72ab351f482dea63d27e447b2a93549a742ecd.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/policycoreutils/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild sys-apps/policycoreutils/policycoreutils-3.2.ebuild sys-apps/policycoreutils/policycoreutils-3.3.ebuild sys-apps/policycoreutils/policycoreutils-9999.ebuild
X-VCS-Directories: sys-apps/policycoreutils/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: df72ab351f482dea63d27e447b2a93549a742ecd
X-VCS-Branch: master
Date: Fri, 17 Dec 2021 05:16:06 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 653c2e40-e0d0-40a5-a138-1196323164c9
X-Archives-Hash: 206c00729bbe509440d951bba852246f

commit:     df72ab351f482dea63d27e447b2a93549a742ecd
Author:     Thilo Fromm <thilo <AT> kinvolk <DOT> io>
AuthorDate: Thu Dec 16 18:20:41 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec 17 05:15:52 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df72ab35

sys-apps/policycoreutils: update the right ROOT store

The policycoreutils ebuild calls 'semodule' in postinst to update
SELinux stores. It does not, however, tells semodule the correct ROOT
to use, so installing policycoreutils in a crossdev environment will
actually update the *host's* store.

This patch adds '-S "${ROOT:-/}"' to the 'semodule' call so the correct
environment is updated.

First seen + fixed in Flatcar Container Linux:
https://github.com/flatcar-linux/coreos-overlay/pull/1502

Signed-off-by: Thilo Fromm <thilo <AT> kinvolk.io>
Closes: https://github.com/gentoo/gentoo/pull/23332
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild | 4 ++--
 sys-apps/policycoreutils/policycoreutils-3.2.ebuild    | 4 ++--
 sys-apps/policycoreutils/policycoreutils-3.3.ebuild    | 4 ++--
 sys-apps/policycoreutils/policycoreutils-9999.ebuild   | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild b/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
index 62b8f3856614..e995a286771b 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
@@ -162,7 +162,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }

diff --git a/sys-apps/policycoreutils/policycoreutils-3.2.ebuild b/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
index 7299c44a1ddd..1c90708b2731 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }

diff --git a/sys-apps/policycoreutils/policycoreutils-3.3.ebuild b/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
index c8fe18af66f9..6b00366fe883 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }

diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
index c8fe18af66f9..6b00366fe883 100644
--- a/sys-apps/policycoreutils/policycoreutils-9999.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }