[libvirt PATCH 05/13] selinux: don't hardcode paths to selinux tools

Daniel P. Berrangé berrange at redhat.com
Fri Aug 6 17:48:02 UTC 2021


Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 scripts/selinux-compile-policy.py    | 18 +++++++++++-------
 src/security/selinux/mcs/meson.build |  3 ++-
 src/security/selinux/meson.build     |  2 ++
 src/security/selinux/mls/meson.build |  3 ++-
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-policy.py
index 95f0741d1a..31b9113a5d 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -24,9 +24,10 @@ import sys
 import os
 import glob
 
-if len(sys.argv) != 7:
-    print(("Usage: {} <policy>.te <policy>.if <policy>.fc <output>.pp <tmpdir>"
-           " <type (mls/mcs)>").format(sys.argv[0]), file=sys.stderr)
+if len(sys.argv) != 9:
+    print("Usage: {} <policy>.te <policy>.if <policy>.fc <output>.pp "
+          "<tmpdir> <type (mls/mcs)> <checkmodpath> <semodpath>"
+          .format(sys.argv[0]), file=sys.stderr)
     exit(os.EX_USAGE)
 
 module_name = os.path.splitext(os.path.basename(sys.argv[1]))[0]
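Review bot: The usage text names the new arguments `<checkmodpath> <semodpath>`, and `semod` reads as `semodule`, which is a different tool from the `semodule_package` binary this script runs. Spelling them out, e.g. `"<tmpdir> <type (mls/mcs)> <checkmodule> <semodule_package>"`, makes a wrong invocation easier to spot. The same abbreviation appears in `semod_path` in the next hunk and in `semod_prog` in the meson.build hunks. Because the eight positionals are validated only by count, a swapped pair of tool paths would pass this check and only fail later when the wrong binary is executed.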
@@ -40,6 +41,9 @@ if sys.argv[6] == "mls":
 else:
     m4param = ["-D", "enable_mcs"] + m4param
 
+checkmod_path = sys.argv[7]
+semod_path = sys.argv[8]
+
 SHAREDIR = "/usr/share/selinux"
 HEADERDIR = os.path.join(SHAREDIR, "devel/include")
 
@@ -114,8 +118,8 @@ with open(os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
                     os.path.join(sys.argv[5], "all_interfaces.conf"),
                     sys.argv[1]], stdout=tmp_file, check=True)
 
-# /usr/bin/checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
-subprocess.run(["/usr/bin/checkmodule",
+# checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
+subprocess.run([checkmod_path,
                 "-M",
                 "-m",
                 os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
@@ -132,9 +136,9 @@ with open(os.path.join(sys.argv[5],
                    stdout=mod_fc_file, check=True)
 
 # %.pp
-# /usr/bin/semodule_package -o $4 -m $5/$MODULE_NAME.mod
+# semodule_package -o $4 -m $5/$MODULE_NAME.mod
 #   -f $5/$MODULE_NAME.mod.fc
-subprocess.run(["/usr/bin/semodule_package",
+subprocess.run([semod_path,
                 "-o",
                 sys.argv[4],
                 "-m",
diff --git a/src/security/selinux/mcs/meson.build b/src/security/selinux/mcs/meson.build
index 113148851e..0f2edc2b76 100644
--- a/src/security/selinux/mcs/meson.build
+++ b/src/security/selinux/mcs/meson.build
@@ -9,7 +9,8 @@ virt_pp = custom_target('virt.pp',
   output : 'virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
-             'selinux/mcs/tmp', 'mcs'],
+             'selinux/mcs/tmp', 'mcs',
+             checkmod_prog, semod_prog],
   install : false)
 
 bzip = custom_target('virt.pp.bz2',
diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.build
index 8db485a561..bd9abc9a33 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -1,3 +1,5 @@
+semod_prog = find_program('semodule_package')
+checkmod_prog = find_program('checkmodule')
 bzip2_prog = find_program('bzip2')
 
 install_data('virt.if', install_dir : 'share/selinux/devel/include/distributed')
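Review bot: `find_program('semodule_package')` and `find_program('checkmodule')` resolve the tools through the configure-time search path, where the script previously ran fixed `/usr/bin` binaries, so the program that compiles the SELinux policy is now whichever match the build environment offers first. That is the intent of the change, but it deserves a comment above these two lines, for example `# resolved via PATH or a meson native file; pin them there for controlled builds`, so packagers know where to fix the tool location. Both lookups are also required by default, so configuration aborts when the tools are missing. Whether this file is only entered when SELinux policy building is enabled is not visible in this hunk.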
diff --git a/src/security/selinux/mls/meson.build b/src/security/selinux/mls/meson.build
index 7f3233f1bd..2c866c548c 100644
--- a/src/security/selinux/mls/meson.build
+++ b/src/security/selinux/mls/meson.build
@@ -9,7 +9,8 @@ virt_pp_mls = custom_target('virt.pp',
   output : 'virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
-             'selinux/mls/tmp', 'mls'],
+             'selinux/mls/tmp', 'mls',
+             checkmod_prog, semod_prog],
   install : false)
 
 bzip_mls = custom_target('virt.pp.bz2',
-- 
2.31.1



