From nobody Sun Feb  8 20:15:53 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1628272124; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Xa5gXjesN3UnHEUVUX4BDHNLIuuPjT8n+uN3fktO5oZDnwFV6sQDRziJbMfBM5TYTx1WWV3NaLztc/dF+iIAfMtxPFNCpXanHoOAeajmRRfq700lKnCIFG0tnkZB0qWSJH+6buJNGgNa38fBRVM9cTgLwl4+1LsR2kbOHwX5HDI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1628272124;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=yCDHzfWVoX+IO1r2q1s7OavGm8th4K0aiHKC5mtZwJ0=;
	b=bjbEtsFnJZmQNvepE21AtHVu7DIjBDir/soF978ekQQnc058NXrMVt6csIizfBT1A3bENOZDykdBOCujlq+phdM2ilkh3lKAcPngWhsu/pAnNqTHawqCKL2FpDjXxcTpXjvbOd3ScWRBAXee1JRb0Xeb22xDLffjUqJsD8NNdds=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 16282721242501022.238608151002;
 Fri, 6 Aug 2021 10:48:44 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-430-K8B8hHSMNRO-Rxq0CXsJ5A-1; Fri, 06 Aug 2021 13:48:38 -0400
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EB09B802C88;
	Fri,  6 Aug 2021 17:48:32 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id C65985194B;
	Fri,  6 Aug 2021 17:48:32 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 91823181A2AC;
	Fri,  6 Aug 2021 17:48:32 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 176HmNCU000726 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 6 Aug 2021 13:48:23 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 1EB0B6A056; Fri,  6 Aug 2021 17:48:23 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.39.193.169])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 208B47A8D6;
	Fri,  6 Aug 2021 17:48:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1628272123;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=yCDHzfWVoX+IO1r2q1s7OavGm8th4K0aiHKC5mtZwJ0=;
	b=ilOJq2uXEB2oIIBde3+Djc4TZ4DdtnJNFTGLRK4TpLuA3RlXUEoUn7I98aHpZJ6+utndzF
	t3AcQtM7lA2i1L5//17YzlM8gmT0hdGYJZhU/hhC2YS3pKznOAJeiGf81oZp0Gm+Q5XRjS
	YqrtPtEmZ792+5bjq7JUi1YMg0T2/Cg=
X-MC-Unique: K8B8hHSMNRO-Rxq0CXsJ5A-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 05/13] selinux: don't hardcode paths to selinux tools
Date: Fri,  6 Aug 2021 18:48:02 +0100
Message-Id: <20210806174810.3730064-6-berrange@redhat.com>
In-Reply-To: <20210806174810.3730064-1-berrange@redhat.com>
References: <20210806174810.3730064-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Cc: Vit Mojzis <vmojzis@redhat.com>
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1628272126029100002

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 scripts/selinux-compile-policy.py    | 18 +++++++++++-------
 src/security/selinux/mcs/meson.build |  3 ++-
 src/security/selinux/meson.build     |  2 ++
 src/security/selinux/mls/meson.build |  3 ++-
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-po=
licy.py
index 95f0741d1a..31b9113a5d 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -24,9 +24,10 @@ import sys
 import os
 import glob
=20
-if len(sys.argv) !=3D 7:
-    print(("Usage: {} <policy>.te <policy>.if <policy>.fc <output>.pp <tmp=
dir>"
-           " <type (mls/mcs)>").format(sys.argv[0]), file=3Dsys.stderr)
+if len(sys.argv) !=3D 9:
+    print("Usage: {} <policy>.te <policy>.if <policy>.fc <output>.pp "
+          "<tmpdir> <type (mls/mcs)> <checkmodpath> <semodpath>"
+          .format(sys.argv[0]), file=3Dsys.stderr)
     exit(os.EX_USAGE)
=20
 module_name =3D os.path.splitext(os.path.basename(sys.argv[1]))[0]
@@ -40,6 +41,9 @@ if sys.argv[6] =3D=3D "mls":
 else:
     m4param =3D ["-D", "enable_mcs"] + m4param
=20
+checkmod_path =3D sys.argv[7]
+semod_path =3D sys.argv[8]
+
 SHAREDIR =3D "/usr/share/selinux"
 HEADERDIR =3D os.path.join(SHAREDIR, "devel/include")
=20
@@ -114,8 +118,8 @@ with open(os.path.join(sys.argv[5], "{}.tmp".format(mod=
ule_name)),
                     os.path.join(sys.argv[5], "all_interfaces.conf"),
                     sys.argv[1]], stdout=3Dtmp_file, check=3DTrue)
=20
-# /usr/bin/checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
-subprocess.run(["/usr/bin/checkmodule",
+# checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
+subprocess.run([checkmod_path,
                 "-M",
                 "-m",
                 os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
@@ -132,9 +136,9 @@ with open(os.path.join(sys.argv[5],
                    stdout=3Dmod_fc_file, check=3DTrue)
=20
 # %.pp
-# /usr/bin/semodule_package -o $4 -m $5/$MODULE_NAME.mod
+# semodule_package -o $4 -m $5/$MODULE_NAME.mod
 #   -f $5/$MODULE_NAME.mod.fc
-subprocess.run(["/usr/bin/semodule_package",
+subprocess.run([semod_path,
                 "-o",
                 sys.argv[4],
                 "-m",
diff --git a/src/security/selinux/mcs/meson.build b/src/security/selinux/mc=
s/meson.build
index 113148851e..0f2edc2b76 100644
--- a/src/security/selinux/mcs/meson.build
+++ b/src/security/selinux/mcs/meson.build
@@ -9,7 +9,8 @@ virt_pp =3D custom_target('virt.pp',
   output : 'virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
-             'selinux/mcs/tmp', 'mcs'],
+             'selinux/mcs/tmp', 'mcs',
+             checkmod_prog, semod_prog],
   install : false)
=20
 bzip =3D custom_target('virt.pp.bz2',
diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.=
build
index 8db485a561..bd9abc9a33 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -1,3 +1,5 @@
+semod_prog =3D find_program('semodule_package')
+checkmod_prog =3D find_program('checkmodule')
 bzip2_prog =3D find_program('bzip2')
=20
 install_data('virt.if', install_dir : 'share/selinux/devel/include/distrib=
uted')
diff --git a/src/security/selinux/mls/meson.build b/src/security/selinux/ml=
s/meson.build
index 7f3233f1bd..2c866c548c 100644
--- a/src/security/selinux/mls/meson.build
+++ b/src/security/selinux/mls/meson.build
@@ -9,7 +9,8 @@ virt_pp_mls =3D custom_target('virt.pp',
   output : 'virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
-             'selinux/mls/tmp', 'mls'],
+             'selinux/mls/tmp', 'mls',
+             checkmod_prog, semod_prog],
   install : false)
=20
 bzip_mls =3D custom_target('virt.pp.bz2',
--=20
2.31.1