[libvirt PATCH 05/13] selinux: don't hardcode paths to selinux tools
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
scripts/selinux-compile-policy.py | 18 +++++++++++-------
src/security/selinux/mcs/meson.build | 3 ++-
src/security/selinux/meson.build | 2 ++
src/security/selinux/mls/meson.build | 3 ++-
4 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-policy.py
index 95f0741d1a..31b9113a5d 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -24,9 +24,10 @@ import sys
import os
import glob
-if len(sys.argv) != 7:
- print(("Usage: {} <policy>.te <policy>.if <policy>.fc
<output>.pp <tmpdir>"
- " <type (mls/mcs)>").format(sys.argv[0]), file=sys.stderr)
+if len(sys.argv) != 9:
+ print("Usage: {} <policy>.te <policy>.if <policy>.fc
<output>.pp "
+ "<tmpdir> <type (mls/mcs)> <checkmodpath>
<semodpath>"
+ .format(sys.argv[0]), file=sys.stderr)
exit(os.EX_USAGE)
module_name = os.path.splitext(os.path.basename(sys.argv[1]))[0]
@@ -40,6 +41,9 @@ if sys.argv[6] == "mls":
else:
m4param = ["-D", "enable_mcs"] + m4param
+checkmod_path = sys.argv[7]
+semod_path = sys.argv[8]
+
SHAREDIR = "/usr/share/selinux"
HEADERDIR = os.path.join(SHAREDIR, "devel/include")
@@ -114,8 +118,8 @@ with open(os.path.join(sys.argv[5],
"{}.tmp".format(module_name)),
os.path.join(sys.argv[5], "all_interfaces.conf"),
sys.argv[1]], stdout=tmp_file, check=True)
-# /usr/bin/checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
-subprocess.run(["/usr/bin/checkmodule",
+# checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
+subprocess.run([checkmod_path,
"-M",
"-m",
os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
@@ -132,9 +136,9 @@ with open(os.path.join(sys.argv[5],
stdout=mod_fc_file, check=True)
# %.pp
-# /usr/bin/semodule_package -o $4 -m $5/$MODULE_NAME.mod
+# semodule_package -o $4 -m $5/$MODULE_NAME.mod
# -f $5/$MODULE_NAME.mod.fc
-subprocess.run(["/usr/bin/semodule_package",
+subprocess.run([semod_path,
"-o",
sys.argv[4],
"-m",
diff --git a/src/security/selinux/mcs/meson.build b/src/security/selinux/mcs/meson.build
index 113148851e..0f2edc2b76 100644
--- a/src/security/selinux/mcs/meson.build
+++ b/src/security/selinux/mcs/meson.build
@@ -9,7 +9,8 @@ virt_pp = custom_target('virt.pp',
output : 'virt.pp',
input : selinux_sources,
command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
- 'selinux/mcs/tmp', 'mcs'],
+ 'selinux/mcs/tmp', 'mcs',
+ checkmod_prog, semod_prog],
install : false)
bzip = custom_target('virt.pp.bz2',
diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.build
index 8db485a561..bd9abc9a33 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -1,3 +1,5 @@
+semod_prog = find_program('semodule_package')
+checkmod_prog = find_program('checkmodule')
bzip2_prog = find_program('bzip2')
install_data('virt.if', install_dir :
'share/selinux/devel/include/distributed')
diff --git a/src/security/selinux/mls/meson.build b/src/security/selinux/mls/meson.build
index 7f3233f1bd..2c866c548c 100644
--- a/src/security/selinux/mls/meson.build
+++ b/src/security/selinux/mls/meson.build
@@ -9,7 +9,8 @@ virt_pp_mls = custom_target('virt.pp',
output : 'virt.pp',
input : selinux_sources,
command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
- 'selinux/mls/tmp', 'mls'],
+ 'selinux/mls/tmp', 'mls',
+ checkmod_prog, semod_prog],
install : false)
bzip_mls = custom_target('virt.pp.bz2',
--
2.31.1