selinux-image: enable image labelling

selinux images attempt to label the filesystem image at creation time.
This depends on a native setfiles, though, which isn't guaranteed to be
present without the DEPEND addition.

If the 'setfiles' call fails, that shouldn't be fatal, though, it can
always be run at first boot time, as is commonly done with desktop and
server distros.

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>

1 files changed, 8 insertions, 1 deletions

diff --git a/classes/selinux-image.bbclass b/classes/selinux-image.bbclass
index 9303610..90ead2f 100644
--- a/classes/selinux-image.bbclass
+++ b/classes/selinux-image.bbclass
@@ -1,8 +1,15 @@
 selinux_set_labels () {
     POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)
-    setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS} || exit 1;
+    if ! setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
+    then
+        echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image.
+        touch ${IMAGE_ROOTFS}/.autorelabel
+        exit 0
+    fi
 }
 
+DEPENDS += "policycoreutils-native"
+
 IMAGE_PREPROCESS_COMMAND += "selinux_set_labels ;"
 
 inherit core-image