[Buildroot] [PATCH 1/3] package/audit/S02auditd: fix SELinux label issues
Arnout Vandecappelle
arnout at rnout.be
Wed Oct 22 16:43:00 UTC 2025
In reply to:
> "mkdir -Z" tries to create the directory with the default type context
> and does not accept any parameter, leading to mkdir creating a
> directory by the name of "system_u:object_r:auditd_log_t" (or failing
> to, with a read-only rootfs). Use "--context=" instead to specify the
> context.
>
> Letting start-stop-daemon create the auditd PID file leads to an
> incorrect label, with type "initrc_runtime_t" instead of
> "auditd_runtime_t", which would prevent auditd from writing or
> deleting it. Auditd manages its own PID file and daemonizes by
> default, so simply drop the --background and --make-pidfile options
> from start-stop-daemon.
>
> Signed-off-by: Fiona Klute <fiona.klute at gmx.de>
Applied to 2025.02.x and 2025.08.x. Thanks
> ---
> package/audit/S02auditd | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/audit/S02auditd b/package/audit/S02auditd
> index f32f01714e..97c43bc66f 100644
> --- a/package/audit/S02auditd
> +++ b/package/audit/S02auditd
> @@ -18,13 +18,13 @@ start(){
> # the directory with SELinux permissions if possible
> if command -v selabel_lookup >/dev/null 2>&1; then
> audit_log_selable="$(selabel_lookup -b file -k /var/log/audit | cut -d ' ' -f 3)"
> - mkdir -p /var/log/audit -Z "${audit_log_selable}"
> + mkdir -p --context="${audit_log_selable}" /var/log/audit
> else
> mkdir -p /var/log/audit
> fi
>
> - start-stop-daemon --start --background --make-pidfile \
> - --pidfile "${PIDFILE}" --exec "/usr/sbin/${DAEMON}"
> + start-stop-daemon --start --pidfile "${PIDFILE}" \
> + --exec "/usr/sbin/${DAEMON}"
> status=$?
> if [ "${status}" -eq 0 ]; then
> # Load the default rules
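Review bot: In the selabel_lookup branch, audit_log_selable is passed to --context= without checking that the lookup produced a value; if selabel_lookup fails or prints no third field, mkdir is called with an empty context. Consider guarding with [ -n "${audit_log_selable}" ] and falling back to the plain mkdir -p /var/log/audit otherwise. Note also that mkdir -p leaves an already existing /var/log/audit untouched, so the context is only applied when the directory is first created. For the start-stop-daemon call, ${PIDFILE} is defined outside this hunk; with --make-pidfile dropped it has to be the path auditd itself writes, which is worth a short comment next to the call.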
> --
> 2.51.0