Revert patch to use restorecon due to unloaded selinux policy

restorecon doese not work inside the chroot, because there is no selinuxfs mounted on /sys/fs/selinux, leading to no loaded selinux policy being loaded. Setfiles bypasses the loaded policy, and just uses the installed policy. Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-03-22 14:18:49 +01:00 · 2018-03-22 14:18:49 +01:00 · 2d9533ab7f
parent 25da73f1e4
commit 2d9533ab7f
2 changed files with 25 additions and 1 deletions
--- a/livecd-tools-revert-restorecon.patch
+++ b/livecd-tools-revert-restorecon.patch
@ -0,0 +1,20 @@
+diff -rup livecd-tools-25.0.orig/imgcreate/kickstart.py livecd-tools-25.0/imgcreate/kickstart.py
+--- livecd-tools-25.0.orig/imgcreate/kickstart.py	2018-03-22 12:52:20.229454637 +0100
+++ livecd-tools-25.0/imgcreate/kickstart.py	2018-03-22 14:12:41.619989962 +0100
+@@ -479,12 +479,12 @@ class SelinuxConfig(KickstartConfig):
+             return
+ 
+         try:
+-            rc = subprocess.call(['restorecon', '-p', '-e', '/proc', '-e',
+-                                  '/sys', '-e', '/dev', '-F', '-R', '/'],
+-                                 preexec_fn=self.chroot)
+            rc = self.call(["/sbin/setfiles", "-p", "-e", "/proc", "-e",
+                            "/sys", "-e", "/dev",
+                            selinux.selinux_file_context_path(), "/"])
+         except OSError as e:
+             if e.errno == errno.ENOENT:
+-                logging.info('The restorecon command is not available.')
+                logging.info('The fixfiles command is not available.')
+                 return
+         if rc:
+             if ksselinux.selinux == ksconstants.SELINUX_ENFORCING:
--- a/livecd-tools.spec
+++ b/livecd-tools.spec
@ -10,7 +10,7 @@
 Summary: Tools for building live CDs
 Name: livecd-tools
 Version: 25.0
-Release: 5%{?dist}
+Release: 6%{?dist}
 Epoch: 1
 License: GPLv2
 Group: System Environment/Base
@ -18,6 +18,7 @@ URL: https://github.com/livecd-tools/livecd-tools
 Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.gz

 Patch0:	https://github.com/livecd-tools/livecd-tools/commit/491a49ff9aedf5197af3e4dcb0f50351db3cddf0.patch
+Patch1: livecd-tools-revert-restorecon.patch

 BuildRequires: python2-devel
 %if %{with python3}
@ -189,6 +190,9 @@ rm -rfv %{buildroot}%{_mandir}/man8/livecd-iso-to-*
 %endif

 %changelog
+* Thu Mar 22 2018 Patrick Uiterwijk <puiterwijk@redhat.com> - 1:25.0-6
+- Revert patch to use restorecon due to unloaded selinux policy
+
 * Thu Mar 22 2018 Patrick Uiterwijk <puiterwijk@redhat.com> - 1:25.0-5
 - Require selinux-policy-targeted in imgcreate-sysdeps