Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile1
-rw-r--r--Rules.monolithic15
-rw-r--r--support/selinux_binary_policy_path.py12
3 files changed, 27 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index eae365e53..ba346a272 100644
--- a/Makefile
+++ b/Makefile
@@ -97,6 +97,7 @@ genxml := $(PYTHON) $(support)/segenxml.py
gendoc := $(PYTHON) $(support)/sedoctool.py
genperm := $(PYTHON) $(support)/genclassperms.py
policyvers := $(PYTHON) $(support)/policyvers.py
+binary_policy_path := $(PYTHON) $(support)/selinux_binary_policy_path.py
fcsort := $(PYTHON) $(support)/fc_sort.py
setbools := $(AWK) -f $(support)/set_bools_tuns.awk
get_type_attr_decl := $(SED) -r -f $(support)/get_type_attr_decl.sed
diff --git a/Rules.monolithic b/Rules.monolithic
index a8ae98d12..7dbc2e1cf 100644
--- a/Rules.monolithic
+++ b/Rules.monolithic
@@ -13,6 +13,12 @@ ifeq "$(kv)" ""
kv := $(pv)
endif
+# load_policy(8) loads policy from /etc/selinux/<SELINUXTYPE>/policy/policy.$(pv)
+# It does this by reading the /etc/selinux/config file SELINUXTYPE entry to
+# form the full path. $(polbinpath) will contain this evaluated path for use as
+# a validation check.
+polbinpath := $(shell $(binary_policy_path))
+
policy_conf = $(builddir)policy.conf
fc = $(builddir)file_contexts
polver = $(builddir)policy.$(pv)
@@ -91,9 +97,16 @@ endif
# Load the binary policy
#
reload $(tmpdir)/load: $(loadpath) $(fcpath) $(appfiles)
+ifneq ($(DESTDIR),)
+ $(error Cannot load policy as '$$DESTDIR' is set to $(DESTDIR), \
+ creating an invalid policy load path)
+endif
+ifneq ($(polbinpath).$(pv),$(loadpath))
+ $(error Cannot load policy as invalid policy path: $(polbinpath).$(pv) - \
+ Check $(topdir)/config file entry is: "SELINUXTYPE=$(NAME)")
+endif
@echo "Loading $(NAME) $(loadpath)"
$(verbose) $(LOADPOLICY) -q $(loadpath)
- @touch $(tmpdir)/load
########################################
#
diff --git a/support/selinux_binary_policy_path.py b/support/selinux_binary_policy_path.py
new file mode 100644
index 000000000..a30eb9b6b
--- /dev/null
+++ b/support/selinux_binary_policy_path.py
@@ -0,0 +1,12 @@
+#!/usr/bin/env python3
+
+try:
+ import warnings
+ with warnings.catch_warnings():
+ warnings.filterwarnings("ignore", category=PendingDeprecationWarning)
+ import selinux
+
+ if selinux.is_selinux_enabled():
+ print(selinux.selinux_binary_policy_path())
+except ImportError:
+ exit(0)