author | Joe MacDonald <joe_macdonald@mentor.com> | 2017-05-02 21:17:20 -0400 |
---|---|---|
committer | Joe MacDonald <joe_macdonald@mentor.com> | 2017-05-02 21:21:44 -0400 |
commit | 849cd74b5ff3c915356ae7411746194728594212 (patch) | |
tree | 424378bc24fd1cd397a062623b9ecdae0fe12fc2 | |
parent | 5809730ec52d2f7b6680024f9f2ec5bc3e9ca3ce (diff) | |
download | meta-selinux-849cd74b5ff3c915356ae7411746194728594212.tar.gz |
selinux-image: enable image labelling
selinux images attempt to label the filesystem image at creation time.
This depends on a native setfiles, though, which isn't guaranteed to be
present without the DEPEND addition.
If the 'setfiles' call fails, that shouldn't be fatal, though, it can
always be run at first boot time, as is commonly done with desktop and
server distros.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-rw-r--r-- | classes/selinux-image.bbclass | 9 |
1 files changed, 8 insertions, 1 deletions
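--- a/classes/selinux-image.bbclass
+++ b/classes/selinux-image.bbclass
@@ -1,8 +1,15 @@
 selinux_set_labels () {
 POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)
-setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS} || exit 1;
+if ! setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
+then
+echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image.
+touch ${IMAGE_ROOTFS}/.autorelabel
+exit 0
+fi
 }
 
+DEPENDS += "policycoreutils-native"
+
 IMAGE_PREPROCESS_COMMAND += "selinux_set_labels ;"
 
 inherit core-image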
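Review bot: The failure branch of `selinux_set_labels` reports the unlabelled rootfs only through a plain `echo`, which presumably ends up in the task log rather than among the build warnings, so an image without file contexts can ship unnoticed; `bbwarn "Unable to set filesystem context, setfiles / restorecon must be run on the live image."` would surface it. The same branch is also reached when the `sed` over `selinux/config` leaves `POL_TYPE` empty, a misconfiguration that failed the build before this change, so that case is worth keeping fatal with `[ -n "${POL_TYPE}" ] || bbfatal "SELINUXTYPE not found in ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config"` ahead of the `setfiles` call. The `.autorelabel` fallback protects the target only if its init actually relabels on first boot and the root filesystem is writable then, which this file does not show; a comment stating that assumption next to the `touch` would help. The trailing `exit 0` is redundant at the end of the function and, depending on how the preprocess commands are executed, may end the calling shell early, so dropping it or using `return 0` is safer.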