author: Rahul Sandhu <rahul@sandhuservices.dev> 2024-08-02 20:37:54 +0100
committer: Jason Zaman <perfinion@gentoo.org> 2024-08-24 17:48:19 -0700
commit: 75d12a333e1866ad6affa62b95fe88be48f5b118
tree: b8e4a8e61bfc62cb9678fa1a6de5fe7c4e15e004 /eclass
parent: sys-devel/gcc: add 14.2.1_p20240824
selinux-policy-2.eclass: Load unconfined module for mcs/mls policy types

Currently, there doesn't seem to be a reason to block the loading of the unconfined policy module on the mcs and mls policy types. Let's ensure we load the unconfined policy module unconditionally in the eclass.

The loading of the unconfined policy module was initially blocked in 82e30f21ab85b6de3ebc45ae10b28b9bd280e4a1, however as far as I can tell, there is no longer a reason to do this. Considering there are use flags for sec-policy/selinux-base and sec-policy/selinux-base-policy for the unconfined policy module, and using the unconfined policy module is supported for the mcs and mls policy types, it makes sense to no longer block the loading of the policy module.

It is also worth mentioning that grabbing an selinux stage3 has the unconfined policy module already loaded.

As the strict policy is effectively the targeted policy without support for the unconfined domain, it makes sense to not load the unconfined module for strict policy types. Let's keep a conditional check for the strict policy to ensure we don't load the unconfined module in that case.

Closes: https://bugs.gentoo.org/933709
Closes: https://github.com/gentoo/gentoo/pull/37931
Signed-off-by: Rahul Sandhu <rahul@sandhuservices.dev>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

Diffstat (limited to 'eclass')
-rw-r--r-- eclass/selinux-policy-2.eclass 12
1 files changed, 4 insertions, 8 deletions
diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index ad760673cab1..e7d6cd9a9e5f 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# Eclass for installing SELinux policy, and optionally
@@ -260,13 +260,9 @@ selinux-policy-2_pkg_postinst() {
local COMMAND
for i in ${POLICY_TYPES}; do
- if [[ "${MODS}" = "unconfined" ]]; then
- case ${i} in
- strict|mcs|mls)
- einfo "Ignoring loading of unconfined module in ${i} module store.";
- continue
- ;;
- esac
+ if [[ "${i}" == "strict" ]] && [[ "${MODS}" = "unconfined" ]]; then
+ einfo "Ignoring loading of unconfined module in strict module store.";
+ continue;
fi
einfo "Inserting the following modules into the $i module store: ${MODS}"
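
Review bot: In the new `if` at the top of the loop, the strict guard still fires only when `${MODS}` is exactly the string "unconfined", so a `MODS` value that lists unconfined together with other modules would pass the guard and reach the "Inserting the following modules" step for the strict store. If `MODS` can ever hold more than one name here, match unconfined as a word in the list rather than by string equality. The condition also mixes `==` and `=` across two separate `[[ ]]` tests; a single `[[ "${i}" == "strict" && "${MODS}" == "unconfined" ]]` reads more cleanly, and the `;` after `continue` can go. Since mcs and mls stores now receive the unconfined module where they were skipped before, a one-line comment above the check saying why only strict is excluded would keep the next reader from restoring the old `case`.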