[meta-selinux] refpolicy: Remove build path reference from file_contexts.homedirs

Message ID 20251020072403.1237419-1-quic_sasikuma@quicinc.com
State New

Commit Message

Sasi Kumar Maddineni Oct. 20, 2025, 7:24 a.m. UTC
The heading() function in genhomedircon.py included a comment referencing the
absolute path to the local.users file, which resides under TMPDIR during Yocto
builds. This caused the package QA check 'buildpaths' to fail due to the presence
of build-time paths in the final packaged output.

Reference:
The below commented lines are in filecontexts.homedirs file as a header,
which contains TMPDIR path. So, do_package_qa is flagging this issue in
case of MONOLITHIC design.

To resolve this, the line generating the comment with the full path was removed,
preventing unnecessary QA errors and ensuring cleaner policy files.

Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
---
 ...move-build-path-reference-from-gener.patch | 36 +++++++++++++++++++
 .../refpolicy/refpolicy_common.inc            |  3 +-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 recipes-security/refpolicy/refpolicy/0057-genhomedircon-remove-build-path-reference-from-gener.patch

Patch

diff --git a/recipes-security/refpolicy/refpolicy/0057-genhomedircon-remove-build-path-reference-from-gener.patch b/recipes-security/refpolicy/refpolicy/0057-genhomedircon-remove-build-path-reference-from-gener.patch
new file mode 100644
index 0000000..af9bba3
--- /dev/null
+++ b/recipes-security/refpolicy/refpolicy/0057-genhomedircon-remove-build-path-reference-from-gener.patch
@@ -0,0 +1,36 @@ 
+From f584d80dc13f63119af53618350fd8262f17fe63 Mon Sep 17 00:00:00 2001
+From: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
+Date: Fri, 17 Oct 2025 11:51:15 +0530
+Subject: [PATCH] genhomedircon: remove build path reference from generated
+ file_context.homedirs header
+
+The heading() function in genhomedircon.py included a comment referencing the
+absolute path to the local.users file, which resides under TMPDIR during Yocto
+builds. This caused the package QA check 'buildpaths' to fail due to the presence
+of build-time paths in the final packaged output.
+
+To resolve this, the line generating the comment with the full path was removed,
+preventing unnecessary QA errors and ensuring cleaner policy files.
+
+Upstream-Status: Pending
+
+Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
+---
+ support/genhomedircon.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/support/genhomedircon.py b/support/genhomedircon.py
+index b865a07c8..e7685545f 100644
+--- a/support/genhomedircon.py
++++ b/support/genhomedircon.py
+@@ -157,7 +157,6 @@ class selinuxConfig:
+ 
+ 	def heading(self):
+ 		ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
+-		ret += "# edit %s to change file_context\n#\n#\n" % self.getUsersFile()
+ 		return ret
+ 
+ 	def getUsers(self):
+-- 
+2.34.1
+
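Review bot: In heading(), the line that is kept, `ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]`, still interpolates the script path exactly as it was invoked, so if the build calls genhomedircon.py by an absolute path the generated header will continue to carry a build-time path and the 'buildpaths' QA check can still fire. Consider using os.path.basename(sys.argv[0]) on that line so the header is path-independent. The deleted line also supplied the closing `#\n#\n` of the comment banner and the hint about which file to edit, so the header now ends directly after the "generated via" line; keeping the trailing `#` lines, and printing the hint with a path that is meaningful on the target rather than dropping it, would preserve the header's purpose. The patch is marked Upstream-Status: Pending, so it would be worth proposing the change upstream to keep the local carry short-lived.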
diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc
index cf32723..aa782ca 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -72,7 +72,8 @@  SRC_URI += " \
         file://0054-policy-modules-system-setrans-allow-setrans_t-use-fd.patch \
         file://0055-policy-modules-system-systemd-make-_systemd_t-MLS-tr.patch \
         file://0056-policy-modules-system-logging-make-syslogd_runtime_t.patch \
-        "
+        file://0057-genhomedircon-remove-build-path-reference-from-gener.patch \
+	"
 
 S = "${UNPACKDIR}/refpolicy"
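Review bot: The closing quote of SRC_URI changes from eight spaces (`-        "`) to a tab (`+	"`), while the neighbouring file:// entries in this hunk are indented with spaces. Leave the original closing-quote line untouched and add only the 0057 entry above it, so the hunk becomes a single added line and the file's indentation stays consistent.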