| Summary: | sys-apps/policycoreutils: add support for /usr merge | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alexander Tsoy <alexander> |
| Component: | Current packages | Assignee: | SE Linux Bugs <selinux> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | fedora.dm0, jstein |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 690294 | ||
I suppose the real question here is, why do you need setfiles in both /sbin and /usr/sbin? It looks like upstream installs to /sbin/setfiles[1]. The compatibility symlink was added over 13 years ago according to CVS[2], but a quick grep still shows several places in portage and SELinux packages that hardcode /usr/sbin/setfiles. I'd assume that requires both paths to exist, so can the split-usr condition please be added to fix UsrMerge support? [1] https://github.com/SELinuxProject/selinux/blob/master/policycoreutils/setfiles/Makefile#L4 [2] https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-apps/policycoreutils/policycoreutils-1.30.30.ebuild?hideattic=0&revision=1.1&view=markup#l121 Can this have its importance increased? It seems significant that UsrMerge and SELinux can't be enabled together because of this.
Also, here is the fix.
--- sys-apps/policycoreutils/policycoreutils-2.9.ebuild
+++ sys-apps/policycoreutils/policycoreutils-2.9.ebuild
@@ -15,7 +15,7 @@
SELNX_VER="${PV}"
SEPOL_VER="${PV}"
-IUSE="audit pam dbus"
+IUSE="audit pam dbus split-usr"
REQUIRED_USE="${PYTHON_REQUIRED_USE}"
DESCRIPTION="SELinux core utilities"
@@ -155,7 +155,7 @@
rm -fR "${D}/etc/rc.d" || die
# compatibility symlinks
- dosym /sbin/setfiles /usr/sbin/setfiles
+ use split-usr && dosym /sbin/setfiles /usr/sbin/setfiles
bashcomp_alias setsebool getsebool
# location for policy definitions
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=42cca0f5527c1438dc01a4a4306071cff413d4c8 commit 42cca0f5527c1438dc01a4a4306071cff413d4c8 Author: Jason Zaman <perfinion@gentoo.org> AuthorDate: 2019-12-16 12:13:19 +0000 Commit: Jason Zaman <perfinion@gentoo.org> CommitDate: 2019-12-21 14:00:40 +0000 sys-apps/policycoreutils: Add support for /usr-merge Also fix absolute symlink QA warning. Closes: https://bugs.gentoo.org/690364 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Jason Zaman <perfinion@gentoo.org> sys-apps/policycoreutils/policycoreutils-2.9.ebuild | 5 +++-- sys-apps/policycoreutils/policycoreutils-3.0.ebuild | 8 ++++---- sys-apps/policycoreutils/policycoreutils-9999.ebuild | 8 ++++---- 3 files changed, 11 insertions(+), 10 deletions(-) |
The following doesn't work for merged /usr layout: dosym /sbin/setfiles /usr/sbin/setfiles as setfiles executable is being replaced by symlink during merge. Please make this conditional on use split-usr.