[Buildroot] [PATCH 1/1] package/refpolicy: fix build with smartmontools

* [Buildroot] [PATCH 1/1] package/refpolicy: fix build with smartmontools
@ 2023-11-28 21:48 Fabrice Fontaine
  2023-11-29  9:00 ` Peter Korsgaard
  0 siblings, 1 reply; 2+ messages in thread
From: Fabrice Fontaine @ 2023-11-28 21:48 UTC (permalink / raw)
  To: buildroot; +Cc: Antoine Tenart, Fabrice Fontaine

Fix the following build failure with smartmontools raised since bump to
version 2.20231002 in commit 68de45491ba7d4b7aeff6f869934745440f88c00:

 Compiling targeted policy.33
 env LD_LIBRARY_PATH="/home/thomas/autobuild/instance-2/output-1/host/lib:/home/thomas/autobuild/instance-2/output-1/host/usr/lib" /home/thomas/autobuild/instance-2/output-1/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
 policy/modules/services/smartmon.te:146:ERROR 'type fsadm_exec_t is not within scope' at token ';' on line 237472:
 	allow smartmon_update_drivedb_t fsadm_exec_t:file { { getattr open map read execute ioctl } ioctl lock execute_no_trans };
 #line 146
 checkpolicy:  error(s) encountered while parsing configuration
 make[1]: *** [Rules.monolithic:80: policy.33] Error 1

Fixes:
 - http://autobuild.buildroot.org/results/a01123de9a8c1927060e7e4748666bebfc82ea44

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...ervices-smartmon.te-make-fstools-opt.patch | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 package/refpolicy/0001-policy-modules-services-smartmon.te-make-fstools-opt.patch

diff --git a/package/refpolicy/0001-policy-modules-services-smartmon.te-make-fstools-opt.patch b/package/refpolicy/0001-policy-modules-services-smartmon.te-make-fstools-opt.patch
new file mode 100644
index 0000000000..ddf2943bfa
--- /dev/null
+++ b/package/refpolicy/0001-policy-modules-services-smartmon.te-make-fstools-opt.patch
@@ -0,0 +1,44 @@
+From c6d1345732c463cb45d8ba490081ad92936bfd69 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Tue, 28 Nov 2023 22:30:01 +0100
+Subject: [PATCH] policy/modules/services/smartmon.te: make fstools optional
+
+Make fstools optional to avoid the following build failure raised since
+version 2.20231002 and
+https://github.com/SELinuxProject/refpolicy/commit/cb068f09d224f90a97fa63a574fb423bbe1ceeda:
+
+ Compiling targeted policy.33
+ env LD_LIBRARY_PATH="/home/thomas/autobuild/instance-2/output-1/host/lib:/home/thomas/autobuild/instance-2/output-1/host/usr/lib" /home/thomas/autobuild/instance-2/output-1/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33
+ policy/modules/services/smartmon.te:146:ERROR 'type fsadm_exec_t is not within scope' at token ';' on line 237472:
+ 	allow smartmon_update_drivedb_t fsadm_exec_t:file { { getattr open map read execute ioctl } ioctl lock execute_no_trans };
+ #line 146
+ checkpolicy:  error(s) encountered while parsing configuration
+ make[1]: *** [Rules.monolithic:80: policy.33] Error 1
+
+Fixes:
+ - http://autobuild.buildroot.org/results/a01123de9a8c1927060e7e4748666bebfc82ea44
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Upstream: https://github.com/SELinuxProject/refpolicy/pull/738
+---
+ policy/modules/services/smartmon.te | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te
+index 32c80f712..761280c11 100644
+--- a/policy/modules/services/smartmon.te
++++ b/policy/modules/services/smartmon.te
+@@ -143,7 +143,9 @@ corenet_tcp_connect_http_port(smartmon_update_drivedb_t)
+ 
+ files_read_etc_files(smartmon_update_drivedb_t)
+ 
+-fstools_exec(smartmon_update_drivedb_t)
++optional_policy(`
++	fstools_exec(smartmon_update_drivedb_t)
++')
+ 
+ kernel_dontaudit_read_system_state(smartmon_update_drivedb_t)
+ 
+-- 
+2.42.0
+
-- 
2.42.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread