From df72ab351f482dea63d27e447b2a93549a742ecd Mon Sep 17 00:00:00 2001
From: Thilo Fromm <thilo@kinvolk.io>
Date: Thu, 16 Dec 2021 19:20:41 +0100
Subject: sys-apps/policycoreutils: update the right ROOT store

The policycoreutils ebuild calls 'semodule' in postinst to update
SELinux stores. It does not, however, tells semodule the correct ROOT
to use, so installing policycoreutils in a crossdev environment will
actually update the *host's* store.

This patch adds '-S "${ROOT:-/}"' to the 'semodule' call so the correct
environment is updated.

First seen + fixed in Flatcar Container Linux:
https://github.com/flatcar-linux/coreos-overlay/pull/1502

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
Closes: https://github.com/gentoo/gentoo/pull/23332
Signed-off-by: Sam James <sam@gentoo.org>
---
 sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild | 4 ++--
 sys-apps/policycoreutils/policycoreutils-3.2.ebuild    | 4 ++--
 sys-apps/policycoreutils/policycoreutils-3.3.ebuild    | 4 ++--
 sys-apps/policycoreutils/policycoreutils-9999.ebuild   | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'sys-apps/policycoreutils')

diff --git a/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild b/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
index 62b8f3856614..e995a286771b 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.1-r2.ebuild
@@ -162,7 +162,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }
diff --git a/sys-apps/policycoreutils/policycoreutils-3.2.ebuild b/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
index 7299c44a1ddd..1c90708b2731 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.2.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }
diff --git a/sys-apps/policycoreutils/policycoreutils-3.3.ebuild b/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
index c8fe18af66f9..6b00366fe883 100644
--- a/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-3.3.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }
diff --git a/sys-apps/policycoreutils/policycoreutils-9999.ebuild b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
index c8fe18af66f9..6b00366fe883 100644
--- a/sys-apps/policycoreutils/policycoreutils-9999.ebuild
+++ b/sys-apps/policycoreutils/policycoreutils-9999.ebuild
@@ -156,7 +156,7 @@ pkg_postinst() {
 	for POLICY_TYPE in ${POLICY_TYPES} ; do
 		# There have been some changes to the policy store, rebuilding now.
 		# https://marc.info/?l=selinux&m=143757277819717&w=2
-		einfo "Rebuilding store ${POLICY_TYPE} (without re-loading)."
-		semodule -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
+		einfo "Rebuilding store ${POLICY_TYPE} in '${ROOT:-/}' (without re-loading)."
+		semodule -S "${ROOT:-/}" -s "${POLICY_TYPE}" -n -B || die "Failed to rebuild policy store ${POLICY_TYPE}"
 	done
 }
-- 
cgit v1.2.3-65-gdbad