From 8efaf82828a09322fd30a78823245e2afa7531a2 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Jun 29 2021 16:19:10 +0000
Subject: Drop grub2 prelink configuration


A /etc/prelink.conf.d/grub2.conf is shipped to avoid SELinux to warn about
security violations when SELinux is enforced and allow_execstack is off.

But the tools have been fixed a long time ago and the allow list shouldn't
be needed anymore, let's just drop it.

Resolves: rhbz#1659675

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>

---

diff --git a/grub2.spec b/grub2.spec
index 3b167db..b47de5b 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -241,19 +241,6 @@ rm -vf ${RPM_BUILD_ROOT}/%{_sbindir}/%{name}-macbless
 
 %find_lang grub
 
-# Make selinux happy with exec stack binaries.
-mkdir ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/
-cat << EOF > ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/grub2.conf
-# these have execstack, and break under selinux
--b /usr/bin/grub2-script-check
--b /usr/bin/grub2-mkrelpath
--b /usr/bin/grub2-mount
--b /usr/bin/grub2-fstest
--b /usr/sbin/grub2-bios-setup
--b /usr/sbin/grub2-probe
--b /usr/sbin/grub2-sparc64-setup
-EOF
-
 # Install kernel-install scripts
 install -d -m 0755 %{buildroot}%{_prefix}/lib/kernel/install.d/
 install -D -m 0755 -t %{buildroot}%{_prefix}/lib/kernel/install.d/ %{SOURCE10}
@@ -411,7 +398,6 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %doc docs/font_char_metrics.png
 
 %files tools-minimal
-%{_sysconfdir}/prelink.conf.d/grub2.conf
 %{_sbindir}/%{name}-get-kernel-settings
 %{_sbindir}/%{name}-probe
 %attr(4755, root, root) %{_sbindir}/%{name}-set-bootflag