[Buildroot] [git commit branch/2025.08.x] package/audit/S02auditd: fix SELinux label issues

Arnout Vandecappelle arnout at rnout.be
Wed Oct 22 16:38:40 UTC 2025


commit: https://git.buildroot.net/buildroot/commit/?id=b80d90654ada6e573b406e284b55cb44ece3a2de
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2025.08.x

"mkdir -Z" tries to create the directory with the default type context
and does not accept any parameter, leading to mkdir creating a
directory by the name of "system_u:object_r:auditd_log_t" (or failing
to, with a read-only rootfs). Use "--context=" instead to specify the
context.

Letting start-stop-daemon create the auditd PID file leads to an
incorrect label, with type "initrc_runtime_t" instead of
"auditd_runtime_t", which would prevent auditd from writing or
deleting it. Auditd manages its own PID file and daemonizes by
default, so simply drop the --background and --make-pidfile options
from start-stop-daemon.

Signed-off-by: Fiona Klute <fiona.klute at gmx.de>
Signed-off-by: Julien Olivain <ju.o at free.fr>
(cherry picked from commit 3fdce2464744ad1b8a85ee37b6ef830806d81157)
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
 package/audit/S02auditd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/audit/S02auditd b/package/audit/S02auditd
index f32f01714e..97c43bc66f 100644
--- a/package/audit/S02auditd
+++ b/package/audit/S02auditd
@@ -18,13 +18,13 @@ start(){
 	# the directory with SELinux permissions if possible
 	if command -v selabel_lookup >/dev/null 2>&1; then
 		audit_log_selable="$(selabel_lookup -b file -k /var/log/audit | cut -d ' ' -f 3)"
-		mkdir -p /var/log/audit -Z "${audit_log_selable}"
+		mkdir -p --context="${audit_log_selable}" /var/log/audit
 	else
 		mkdir -p /var/log/audit
 	fi
 
-	start-stop-daemon --start --background --make-pidfile \
-		--pidfile "${PIDFILE}" --exec "/usr/sbin/${DAEMON}"
+	start-stop-daemon --start --pidfile "${PIDFILE}" \
+		--exec "/usr/sbin/${DAEMON}"
 	status=$?
 	if [ "${status}" -eq 0 ]; then
 		# Load the default rules
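Review bot: the value passed to the new `--context=` option is still used unchecked. `audit_log_selable` comes from `selabel_lookup ... | cut -d ' ' -f 3`, and if the lookup fails or prints nothing, the script runs `mkdir -p --context=""` rather than taking the plain `mkdir -p /var/log/audit` branch. Consider testing `[ -n "${audit_log_selable}" ]` before the labelled mkdir and falling back to the unlabelled one otherwise. Also note that the context given to mkdir applies only to directories it creates, so a /var/log/audit that already exists with a wrong label is left as it is; a comment stating that assumption would help. Minor: the variable name reads as a typo for "selabel".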

