author Jason Zaman <perfinion@gentoo.org> 2021-11-11 16:34:04 -0800
committer Sam James <sam@gentoo.org> 2021-11-13 04:49:06 +0000
commit 5a7cc0acb21bb44c8246d8fc11bdf3823f921b3b (patch)
tree b5ef79ba61dd83b5dc170d1e6378719672d14474
parent gcc-config: add support for special 'latest' version for profile switch
gcc-config: Check writability in env.d instead of EROOT

SELinux blocks access to / so gcc-config fails even tho the required dirs are writable. Adding SELinux rules to allow writing to / is pretty undesirable. The best is to check for writability in the actual dirs that gcc-config needs to write. It should be sufficient to check only one dir instead of every dir, since the check for only EROOT has been sufficient in the past.

avc: denied { write } for pid=17173 comm="gcc-config" name="/" dev="zfs" ino=34 scontext=staff_u:sysadm_r:gcc_config_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir

Bug: https://github.com/perfinion/hardened-refpolicy/pull/20
Bug: https://bugs.gentoo.org/823203
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

-rwxr-xr-x gcc-config 2
1 files changed, 1 insertions, 1 deletions
diff --git a/gcc-config b/gcc-config
index 6b2a1a7..70bb388 100755
--- a/gcc-config
+++ b/gcc-config
@@ -668,7 +668,7 @@ switch_profile() {
# Make sure we have write access to the dirs. Do not require `root`
# so that we work with prefix/cross/etc... setups that run as user.
- [[ ! -w ${EROOT} ]] && die "need write access to ${EROOT}"
+ [[ ! -w ${ENV_D} ]] && die "need write access to ${ENV_D}"
if is_cross_compiler ; then
ebegin "Switching cross-compiler to ${CC_COMP}"
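
Review bot: The comment above the check still says "write access to the dirs", but the `+` line in switch_profile() now tests only `${ENV_D}`, so if another directory the function writes to is not writable, the failure surfaces partway through the switch rather than at this guard. Either reword the comment to say that `${ENV_D}` stands in for the other directories, or test each target directory here. Also, `-w` is false when `${ENV_D}` does not exist, in which case "need write access to ${ENV_D}" misreports the cause; a separate `-d` test with its own message would distinguish a missing directory from a denied one.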