From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1557751-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 143E2158089
	for <garchives@archives.gentoo.org>; Tue, 26 Sep 2023 20:54:18 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 274522BC02D;
	Tue, 26 Sep 2023 20:54:17 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 1058C2BC02D
	for <gentoo-commits@lists.gentoo.org>; Tue, 26 Sep 2023 20:54:17 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 4C173335CE9
	for <gentoo-commits@lists.gentoo.org>; Tue, 26 Sep 2023 20:54:16 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id BACA11266
	for <gentoo-commits@lists.gentoo.org>; Tue, 26 Sep 2023 20:54:14 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1695761652.0c324425b7c6151a59fe85577b74c895c3c85aed.sam@gentoo>
Subject: [gentoo-commits] proj/portage:master commit in: bin/
X-VCS-Repository: proj/portage
X-VCS-Files: bin/dispatch-conf
X-VCS-Directories: bin/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 0c324425b7c6151a59fe85577b74c895c3c85aed
X-VCS-Branch: master
Date: Tue, 26 Sep 2023 20:54:14 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 0cde2dd7-df84-40da-90e8-b38c7a05c2e1
X-Archives-Hash: dbd45a4d33af7ebdf3ae3b1212049b0c

commit:     0c324425b7c6151a59fe85577b74c895c3c85aed
Author:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 20:28:02 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep 26 20:54:12 2023 +0000
URL:        https://gitweb.gentoo.org/proj/portage.git/commit/?id=0c324425

dispatch-conf: copy SELinux labels to merged files

Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>
Closes: https://github.com/gentoo/portage/pull/1099
Signed-off-by: Sam James <sam <AT> gentoo.org>

 bin/dispatch-conf | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/bin/dispatch-conf b/bin/dispatch-conf
index 154b26ff56..849be562ee 100755
--- a/bin/dispatch-conf
+++ b/bin/dispatch-conf
@@ -12,6 +12,7 @@
 #
 
 import atexit
+import errno
 import re
 import subprocess
 import sys
@@ -398,6 +399,8 @@ class dispatch:
                     mystat = os.lstat(conf["new"])
                     os.chmod(mrgconf, mystat[ST_MODE])
                     os.chown(mrgconf, mystat[ST_UID], mystat[ST_GID])
+                    if "selinux" in portage.settings.features:
+                        self.copy_selinux_label(conf["current"], mrgconf)
                     newconf = mrgconf
                     continue
                 elif c == "l":
@@ -434,6 +437,30 @@ class dispatch:
 
         perform_conf_update_session_hooks("post-session")
 
+    def copy_selinux_label(self, curconf, newconf):
+        """Copy the SELinux security label from the current config file to
+        the new/merged config file."""
+        try:
+            label = os.getxattr(curconf, "security.selinux")
+        except OSError as e:
+            if e.errno == errno.ENOTSUP:
+                # Filesystem does not support xattrs
+                return
+            writemsg(
+                f"dispatch-conf: Failed getting SELinux label on {curconf}; ignoring...\n",
+                noiselevel=-1,
+            )
+            return
+
+        if label:
+            try:
+                os.setxattr(newconf, "security.selinux", label)
+            except OSError:
+                writemsg(
+                    f"dispatch-conf: Failed setting SELinux label on {newconf}; ignoring...\n",
+                    noiselevel=-1,
+                )
+
     def replace(self, newconf, curconf):
         """Replace current config with the new/merged version.  Also logs
         the diff of what changed into the configured log file."""