Accepting request 1172709 from home:jsegitz:branches:security:SELinux_varrun

- Fixed varrun-convert.sh script to not break because of duplicate
  entries

OBS-URL: https://build.opensuse.org/request/show/1172709
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=220

selinux-policy.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed May  8 11:06:43 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
+
+- Fixed varrun-convert.sh script to not break because of duplicate
+  entries
+
 -------------------------------------------------------------------
 Mon May  6 07:44:20 UTC 2024 - Johannes Segitz <jsegitz@suse.com>
 

varrun-convert.sh

@@ -37,6 +37,7 @@ if ! grep -q ^/var/run ${FILE_CONTEXTS}; then
 fi
 
 EXTRA_VARRUN_ENTRIES_WITHDUP="$OUTPUTDIR/extra_varrun_entries_dup.txt"
+EXTRA_VARRUN_ENTRIES_WITHDUP_TMP="$OUTPUTDIR/extra_varrun_entries_dup.tmp"
 EXTRA_VARRUN_ENTRIES="$OUTPUTDIR/extra_varrun_entries.txt"
 EXTRA_VARRUN_CIL="$OUTPUTDIR/extra_varrun.cil"
 
@@ -47,12 +48,21 @@ grep ^/var/run ${FILE_CONTEXTS} > ${EXTRA_VARRUN_ENTRIES_WITHDUP}
 sed -i 's/[ \t]\+/ /g' ${EXTRA_VARRUN_ENTRIES_WITHDUP}
 sed 's/[ \t]\+/ /g' ${FILE_CONTEXTS} > ${FILE_CONTEXTS_UNIFIED}
 
+rm -f $EXTRA_VARRUN_ENTRIES_WITHDUP_TMP
+touch $EXTRA_VARRUN_ENTRIES_WITHDUP_TMP
 # Deduplicate already existing /var/run=/run entries
 while read line
 do
   subline="${line#/var}"
   if ! grep -q "^${subline}" ${FILE_CONTEXTS_UNIFIED}; then
+    # check for overal duplicate entries
+    subline2=$(echo $line | sed -E -e 's/ \S+$//')
+    if ! grep -q "^${subline2}" ${EXTRA_VARRUN_ENTRIES_WITHDUP_TMP}; then
       echo "$line"
+      echo "$line" >> $EXTRA_VARRUN_ENTRIES_WITHDUP_TMP
+    else
+      >&2 echo "DUP: $line"
+    fi
   fi
 done < ${EXTRA_VARRUN_ENTRIES_WITHDUP} > ${EXTRA_VARRUN_ENTRIES}