diff options
| author | Peter Hutterer <peter.hutterer@who-t.net> | 2017-07-30 10:20:39 +0100 |
|---|---|---|
| committer | Jussi Pakkanen <jpakkane@gmail.com> | 2017-07-31 18:45:38 -0400 |
| commit | 1826872fd25cf72ec65378891125a264e625da88 (patch) | |
| tree | f0c1a0c3208b6b58a615b1fa2c9041e5aef71cc3 | |
| parent | bc3327ae6e2e992a9b11eb615bfc8d8fed90e281 (diff) | |
| download | meson-1826872fd25cf72ec65378891125a264e625da88.zip meson-1826872fd25cf72ec65378891125a264e625da88.tar.gz meson-1826872fd25cf72ec65378891125a264e625da88.tar.bz2 | |
install: restore the SELinux context on install
Try to restore the context for SELinux. If we fail on running
'selinuxenabled', quietly ignore the error and continue. If we fail on the
actual restorecon call, we print a message but disable SELinux - chances are
high that if one restorecon fails, others will too and that's likely a system
setup issue.
Fixes #1967
| -rw-r--r-- | mesonbuild/scripts/meson_install.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/mesonbuild/scripts/meson_install.py b/mesonbuild/scripts/meson_install.py index d949090..d4449c9 100644 --- a/mesonbuild/scripts/meson_install.py +++ b/mesonbuild/scripts/meson_install.py @@ -19,6 +19,7 @@ from . import destdir_join from ..mesonlib import is_windows, Popen_safe install_log_file = None +use_selinux = True def set_mode(path, mode): if mode is None: @@ -53,6 +54,28 @@ def set_mode(path, mode): msg = '{!r}: Unable to set permissions {!r}: {}, ignoring...' print(msg.format(path, mode.perms_s, e.strerror)) +def restore_selinux_context(to_file): + ''' + Restores the SELinux context for @to_file + ''' + global use_selinux + + if not use_selinux: + return + + try: + subprocess.check_call(['selinuxenabled']) + try: + subprocess.check_call(['restorecon', '-F', to_file], stderr=subprocess.DEVNULL) + except subprocess.CalledProcessError as e: + use_selinux = False + msg = "{!r}: Failed to restore SELinux context, ignoring SELinux context for all remaining files..." + print(msg.format(to_file, e.returncode)) + except (FileNotFoundError, subprocess.CalledProcessError) as e: + # If we don't have selinux or selinuxenabled returned 1, failure + # is ignored quietly. + use_selinux = False + def append_to_log(line): install_log_file.write(line) if not line.endswith('\n'): @@ -73,6 +96,7 @@ def do_copyfile(from_file, to_file): os.unlink(to_file) shutil.copyfile(from_file, to_file) shutil.copystat(from_file, to_file) + restore_selinux_context(to_file) append_to_log(to_file) def do_copydir(src_prefix, src_dir, dst_dir): |