diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2023-09-22 10:22:35 +0800 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2023-10-12 10:14:19 -0400 |
| commit | e29104086eaf72dae37140226113c694917b5b23 (patch) | |
| tree | 6de1b5574d9cd5052428996bc0ced08c9c694a38 | |
| parent | 46ec0414b4dff45de7c44a11ae4cc275982eca6f (diff) | |
| download | meta-selinux-e29104086eaf72dae37140226113c694917b5b23.tar.gz | |
selinux-autorelabel: enable labeling during build
Previously, system using systemd would label selinux contexts on first
boot. While system using sysvinit would label during build. Add a
variable FIRST_BOOT_RELABEL as a switch to control labeling to make the
behavior of sysvinit and systemd consistent.
Set FIRST_BOOT_RELABEL to 1 in local.conf to enable labeling on first
boot.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
| -rw-r--r-- | recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb b/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb index a919445..9fd066c 100644 --- a/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb +++ b/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb | |||
| @@ -20,7 +20,7 @@ INITSCRIPT_PARAMS = "start 01 S ." | |||
| 20 | require selinux-initsh.inc | 20 | require selinux-initsh.inc |
| 21 | 21 | ||
| 22 | do_install:append() { | 22 | do_install:append() { |
| 23 | if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then | 23 | if ${@bb.utils.contains('FIRST_BOOT_RELABEL', '1', 'true', 'false', d)}; then |
| 24 | echo "# first boot relabelling" > ${D}/.autorelabel | 24 | echo "# first boot relabelling" > ${D}/.autorelabel |
| 25 | fi | 25 | fi |
| 26 | } | 26 | } |