From 943138b13254eae339afe47eeccfef5c5f01e2de Mon Sep 17 00:00:00 2001
From: Jonathan Lebon
Date: Thu, 15 Jun 2017 13:21:01 -0400
Subject: [PATCH 3/4] postprocess: stronger handling for sepolicy in /var

We shouldn't just check that the "targeted" dir exists, but rather that the actual directory where the modules are stored exists. This fixes a regression on RHEL in which the new selinux-policy-targeted lists some %ghost files under /var/lib/selinux and as a result think that the policy is in /var.

Closes: #831
Approved by: cgwalters
---
 src/libpriv/rpmostree-postprocess.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
index 77ad66a..8252f41 100644
--- a/src/libpriv/rpmostree-postprocess.c
+++ b/src/libpriv/rpmostree-postprocess.c
@@ -592,7 +592,8 @@ postprocess_selinux_policy_store_location (int rootfs_dfd,
 return TRUE;
 var_policy_location = glnx_strjoina ("var/lib/selinux/", name);
- if (fstatat (rootfs_dfd, var_policy_location, &stbuf, 0) != 0)
+ const char *modules_location = glnx_strjoina (var_policy_location, "/active/modules");
+ if (fstatat (rootfs_dfd, modules_location, &stbuf, 0) != 0)
 {
 if (errno != ENOENT)
 return glnx_throw_errno_prefix (error, "fstat(%s)", modules_location);
-- 
2.13.0
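Review bot: The new `fstatat (rootfs_dfd, modules_location, &stbuf, 0)` check still tests only that something exists at `active/modules`; with flags `0` it follows a symlink in the final component, and an absolute link target would be resolved against the host root rather than the tree under `rootfs_dfd`. Since the commit's purpose is to stop leftover entries under `/var/lib/selinux` from being mistaken for a real module store, I would pass `AT_SYMLINK_NOFOLLOW` and treat a non-directory like the `ENOENT` case, e.g. `if (fstatat (rootfs_dfd, modules_location, &stbuf, AT_SYMLINK_NOFOLLOW) != 0 || !S_ISDIR (stbuf.st_mode))`, with the `errno` test applied only when the call itself failed. `name` is also joined into the path unchecked; its origin is outside the hunk, so it is worth confirming that it cannot contain `/` or `..`. The function begins and ends outside the hunk, so whether `stbuf` is inspected later is not visible here.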