diff options
| author |   Zac Medico <zmedico@gentoo.org> | 2018-05-17 20:57:59 -0700 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2018-05-21 09:57:42 -0700 |
| commit | ef99f7e9e0e0b4d0ae20b6964b1efbee4c49fdaa (patch) | |
| tree | 9f44aa2dcf8bccdfd9adc3afc804eb04a654d195 /pym/portage/package/ebuild | |
| parent | misc-functions: fix selinux labelling on musl (diff) | |
| download | portage-ef99f7e9e0e0b4d0ae20b6964b1efbee4c49fdaa.tar.gz portage-ef99f7e9e0e0b4d0ae20b6964b1efbee4c49fdaa.tar.bz2 portage-ef99f7e9e0e0b4d0ae20b6964b1efbee4c49fdaa.zip | |
preinst_selinux_labels: disable LD_PRELOAD sandbox (bug 655996)
Since SELinux does not allow LD_PRELOAD across domain transitions,
disable the LD_PRELOAD sandbox for preinst_selinux_labels.
Bug: https://bugs.gentoo.org/655996
Tested-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'pym/portage/package/ebuild')
| -rw-r--r-- | pym/portage/package/ebuild/doebuild.py | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 31b552ff3..c3b89ade2 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -1722,13 +1722,27 @@ _post_phase_cmds = { "install_symlink_html_docs", "install_hooks"], - "preinst" : [ - "preinst_sfperms", - "preinst_selinux_labels", - "preinst_suid_scan", - "preinst_qa_check", - ], - + "preinst" : ( + ( + # Since SELinux does not allow LD_PRELOAD across domain transitions, + # disable the LD_PRELOAD sandbox for preinst_selinux_labels. + { + "ld_preload_sandbox": False, + "selinux_only": True, + }, + [ + "preinst_selinux_labels", + ], + ), + ( + {}, + [ + "preinst_sfperms", + "preinst_suid_scan", + "preinst_qa_check", + ], + ), + ), "postinst" : [ "postinst_qa_check"], } |