From nobody Sun Feb  8 23:09:18 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1628272125; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Nj+kEj68Zqp0NtKVi+gDjYfgCt9rcaNY1yFcHmMLlZvOjvN7vEgomoKLYJuCtG/dchnQau5OODBon/uxRV1xpmw1fBrBFAbR/WE0Rrz2BT5aCclkjjmMr4ErcxQshPbXbPymC1mzDkvgp1I+EbKa6lv2mXB6o/EZtaxjbqjVsr4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1628272125;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=wZsyXxcIcJuuX/sx1c/EvW+a85eULa3CbzxzJygE2Fw=;
	b=jBs3iB/SgZdrRPguLKjh5rzyb3er64nShEUS4kHnABG7WJcivl4fYvcqJ2v1Af6isqkMgfS3ZeAiCInuOUXtWoTNiv5dpdVr7Vu80O0v+ww0fRAEv5J3MHIjTyh46IpQD3KbSLAZr3mPdGAvd88w194R8XHbm4Mbhb/lGU5ToDE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1628272125105731.8846870117977;
 Fri, 6 Aug 2021 10:48:45 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-236-06uRBoOlPCy0NFe0F_FURA-1; Fri, 06 Aug 2021 13:48:42 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 005E51006C8F;
	Fri,  6 Aug 2021 17:48:36 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D51D760CA1;
	Fri,  6 Aug 2021 17:48:35 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id A0817181A3F2;
	Fri,  6 Aug 2021 17:48:35 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 176HmOXT000741 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 6 Aug 2021 13:48:24 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 91F7B60C59; Fri,  6 Aug 2021 17:48:24 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.39.193.169])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 8A43F2B399;
	Fri,  6 Aug 2021 17:48:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1628272124;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=wZsyXxcIcJuuX/sx1c/EvW+a85eULa3CbzxzJygE2Fw=;
	b=cwE5o3d0lbMgXVvdkxnKSJYM4O9NwCWviclljou5l4f44UZIO7hMuzO3Xvzh3ebzcC92uo
	IwKF7rrKDh6XzzM67unWl0m3Zu5p7amKvpU9RE3MOH4ujhBL9g/rYIIk0qzo7DrWFpLAk2
	0wpxGJIu4WVYD39YCN05JY2a0frb7U8=
X-MC-Unique: 06uRBoOlPCy0NFe0F_FURA-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 06/13] selinux: don't hardcode policy include files
	directory
Date: Fri,  6 Aug 2021 18:48:03 +0100
Message-Id: <20210806174810.3730064-7-berrange@redhat.com>
In-Reply-To: <20210806174810.3730064-1-berrange@redhat.com>
References: <20210806174810.3730064-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Cc: Vit Mojzis <vmojzis@redhat.com>
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1628272126120100003

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 meson_options.txt                    |  1 +
 scripts/selinux-compile-policy.py    | 15 +++++++--------
 src/security/selinux/mcs/meson.build |  3 ++-
 src/security/selinux/meson.build     |  2 ++
 src/security/selinux/mls/meson.build |  3 ++-
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/meson_options.txt b/meson_options.txt
index 859ed36b8f..7287cf1222 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -39,6 +39,7 @@ option('sanlock', type: 'feature', value: 'auto', descrip=
tion: 'sanlock support'
 option('sasl', type: 'feature', value: 'auto', description: 'sasl support')
 option('selinux', type: 'feature', value: 'auto', description: 'selinux su=
pport')
 option('selinux_mount', type: 'string', value: '', description: 'set SELin=
ux mount point')
+option('selinux_policy_includes', type: 'string', value: '/usr/share/selin=
ux/devel/include', description: 'SELinux policy include directory')
 option('udev', type: 'feature', value: 'auto', description: 'udev support')
 option('wireshark_dissector', type: 'feature', value: 'auto', description:=
 'wireshark support')
 option('wireshark_plugindir', type: 'string', value: '', description: 'wir=
eshark plugins directory for use when installing wireshark plugin')
diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-po=
licy.py
index 31b9113a5d..3890b4e55a 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -24,9 +24,10 @@ import sys
 import os
 import glob
=20
-if len(sys.argv) !=3D 9:
+if len(sys.argv) !=3D 10:
     print("Usage: {} <policy>.te <policy>.if <policy>.fc <output>.pp "
-          "<tmpdir> <type (mls/mcs)> <checkmodpath> <semodpath>"
+          "<tmpdir> <type (mls/mcs)> <checkmodpath> <semodpath> "
+          "<policyincludepath>"
           .format(sys.argv[0]), file=3Dsys.stderr)
     exit(os.EX_USAGE)
=20
@@ -43,14 +44,12 @@ else:
=20
 checkmod_path =3D sys.argv[7]
 semod_path =3D sys.argv[8]
+policy_includes =3D sys.argv[9]
=20
-SHAREDIR =3D "/usr/share/selinux"
-HEADERDIR =3D os.path.join(SHAREDIR, "devel/include")
-
-m4support =3D sorted(glob.glob("{}/support/*.spt".format(HEADERDIR)))
-header_layers =3D glob.glob("{}/*/".format(HEADERDIR))
+m4support =3D sorted(glob.glob("{}/support/*.spt".format(policy_includes)))
+header_layers =3D glob.glob("{}/*/".format(policy_includes))
 header_layers =3D sorted([x for x in header_layers
-                        if os.path.join(HEADERDIR, "support") not in x])
+                        if os.path.join(policy_includes, "support") not in=
 x])
=20
 header_interfaces =3D []
 for layer in header_layers:
diff --git a/src/security/selinux/mcs/meson.build b/src/security/selinux/mc=
s/meson.build
index 0f2edc2b76..9ecfe976db 100644
--- a/src/security/selinux/mcs/meson.build
+++ b/src/security/selinux/mcs/meson.build
@@ -10,7 +10,8 @@ virt_pp =3D custom_target('virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
              'selinux/mcs/tmp', 'mcs',
-             checkmod_prog, semod_prog],
+             checkmod_prog, semod_prog,
+             selinux_policy_includes],
   install : false)
=20
 bzip =3D custom_target('virt.pp.bz2',
diff --git a/src/security/selinux/meson.build b/src/security/selinux/meson.=
build
index bd9abc9a33..dda8730141 100644
--- a/src/security/selinux/meson.build
+++ b/src/security/selinux/meson.build
@@ -2,6 +2,8 @@ semod_prog =3D find_program('semodule_package')
 checkmod_prog =3D find_program('checkmodule')
 bzip2_prog =3D find_program('bzip2')
=20
+selinux_policy_includes =3D get_option('selinux_policy_includes')
+
 install_data('virt.if', install_dir : 'share/selinux/devel/include/distrib=
uted')
=20
 subdir('mcs')
diff --git a/src/security/selinux/mls/meson.build b/src/security/selinux/ml=
s/meson.build
index 2c866c548c..ef72a5f5ec 100644
--- a/src/security/selinux/mls/meson.build
+++ b/src/security/selinux/mls/meson.build
@@ -10,7 +10,8 @@ virt_pp_mls =3D custom_target('virt.pp',
   input : selinux_sources,
   command : [selinux_compile_policy_prog, '@INPUT@', '@OUTPUT@',
              'selinux/mls/tmp', 'mls',
-             checkmod_prog, semod_prog],
+             checkmod_prog, semod_prog,
+             selinux_policy_includes],
   install : false)
=20
 bzip_mls =3D custom_target('virt.pp.bz2',
--=20
2.31.1