Drop grub2 prelink configuration

A /etc/prelink.conf.d/grub2.conf is shipped to avoid SELinux to warn about security violations when SELinux is enforced and allow_execstack is off. But the tools have been fixed a long time ago and the allow list shouldn't be needed anymore, let's just drop it. Resolves: rhbz#1659675 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-29 18:18:51 +02:00 · 2021-06-29 18:18:51 +02:00 · 8efaf82828
commit 8efaf82828
parent 504ecff2ed
1 changed files with 0 additions and 14 deletions
--- a/grub2.spec
+++ b/grub2.spec
@ -241,19 +241,6 @@ rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-macbless

 %find_lang grub

-# Make selinux happy with exec stack binaries.
-mkdir ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/
-cat << EOF > ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/grub2.conf
-# these have execstack, and break under selinux
-b /usr/bin/grub2-script-check
-b /usr/bin/grub2-mkrelpath
-b /usr/bin/grub2-mount
-b /usr/bin/grub2-fstest
-b /usr/sbin/grub2-bios-setup
-b /usr/sbin/grub2-probe
-b /usr/sbin/grub2-sparc64-setup
-EOF
-
 # Install kernel-install scripts
 install -d -m 0755 %{buildroot}%{_prefix}/lib/kernel/install.d/
 install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE10}
@ -411,7 +398,6 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %doc docs/font_char_metrics.png

 %files tools-minimal
-%{_sysconfdir}/prelink.conf.d/grub2.conf
 %{_sbindir}/%{name}-get-kernel-settings
 %{_sbindir}/%{name}-probe
 %attr(4755, root, root) %{_sbindir}/%{name}-set-bootflag