Skip to content

Commit

Permalink
remove obsolete selinux modules
Browse files Browse the repository at this point in the history 
Signed-off-by: Grzegorz Filo <gf578@wp.pl>
  • Loading branch information
plsph committed Dec 30, 2021
1 parent 206f322 commit e409b5d
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 0 deletions.
16 changes: 16 additions & 0 deletions sec-policy/selinux-base-policy/selinux-base-policy-2.20210203-r1.ebuild
View file
Expand Up @@ -27,6 +27,7 @@ BDEPEND="
sys-apps/checkpolicy
sys-devel/m4"

OLD_MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
Expand Down Expand Up @@ -97,6 +98,7 @@ pkg_postinst() {

# Override the command from the eclass, we need to load in base as well here
local COMMAND="-i base.pp"
local DEL_MODS=""
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND="-b base.pp"
fi
Expand All @@ -105,12 +107,26 @@ pkg_postinst() {
COMMAND="${COMMAND} -i ${i}.pp"
done

for i in ${OLD_MODS}; do
if [ -n "${MODS##*$i*}" ]; then
DEL_MODS="${DEL_MODS} ${i}"
fi
done

for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"

cd "${ROOT}/usr/share/selinux/${i}"

semodule ${root_opts} -s ${i} ${COMMAND}

if [ -n "${DEL_MODS}" ];then
for mod in ${DEL_MODS}; do
if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
semodule ${root_opts} -s ${i} -r ${mod}
fi
done
fi
done

# Don't relabel when cross compiling
Expand Down
16 changes: 16 additions & 0 deletions sec-policy/selinux-base-policy/selinux-base-policy-2.20210908-r1.ebuild
View file
Expand Up @@ -27,6 +27,7 @@ BDEPEND="
sys-apps/checkpolicy
sys-devel/m4"

OLD_MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork systemd tmpfiles udev userdomain usermanage unprivuser xdg"
LICENSE="GPL-2"
SLOT="0"
Expand Down Expand Up @@ -97,6 +98,7 @@ pkg_postinst() {

# Override the command from the eclass, we need to load in base as well here
local COMMAND="-i base.pp"
local DEL_MODS=""
if has_version "<sys-apps/policycoreutils-2.5"; then
COMMAND="-b base.pp"
fi
Expand All @@ -105,12 +107,26 @@ pkg_postinst() {
COMMAND="${COMMAND} -i ${i}.pp"
done

for i in ${OLD_MODS}; do
if [ -n "${MODS##*$i*}" ]; then
DEL_MODS="${DEL_MODS} ${i}"
fi
done

for i in ${POLICY_TYPES}; do
einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"

cd "${ROOT}/usr/share/selinux/${i}"

semodule ${root_opts} -s ${i} ${COMMAND}

if [ -n "${DEL_MODS}" ];then
for mod in ${DEL_MODS}; do
if semodule ${root_opts} -s ${i} -l | grep -q "\b${mod}\b"; then
semodule ${root_opts} -s ${i} -r ${mod}
fi
done
fi
done

# Don't relabel when cross compiling
Expand Down

0 comments on commit e409b5d

Please sign in to comment.