mount-copybind: add SELinux support

bind mounts don't use the SELinux label of the target, but the SELinux label of the source. This patch restores the SELinux context of the bind mount recursively using restorecon. (From OE-Core rev: 6f3e231dc9bc11772573bf9683de9804460362d1) Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de> 2021-09-09 10:05:04 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-10-11 18:41:38 +0100
commit: e1d658ef1153ecb16acda19e3f6fe2edea7cf4e4 (patch)
tree: 8bde6e95cabba7aafa587cc0695d68ca1eaae26d
parent: 6c0a5594cc0aa02c154355e7b1d540ef5e26c9fe (diff)
download: poky-e1d658ef1153ecb16acda19e3f6fe2edea7cf4e4.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
index e32e675308..57a5ce5f21 100755
--- a/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -46,6 +46,12 @@ if [ -d "$mountpoint" ]; then
        fi
        mount -o "bind$options" "$spec" "$mountpoint"
+        # restore the selinux context.
+        if command -v selinuxenabled > /dev/null 2>&1; then
+            if selinuxenabled; then
+                restorecon -R "$mountpoint"
+            fi
+        fi
    fi
 elif [ -f "$mountpoint" ]; then
    if [ ! -f "$spec" ]; then
@@ -53,4 +59,10 @@ elif [ -f "$mountpoint" ]; then
    fi
    mount -o "bind$options" "$spec" "$mountpoint"
+    # restore the selinux context.
+    if command -v selinuxenabled > /dev/null 2>&1; then
+        if selinuxenabled; then
+            restorecon -R "$mountpoint"
+        fi
+    fi
 fi
author	Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>	2021-09-09 10:05:04 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-11 18:41:38 +0100
commit	e1d658ef1153ecb16acda19e3f6fe2edea7cf4e4 (patch)
tree	8bde6e95cabba7aafa587cc0695d68ca1eaae26d
parent	6c0a5594cc0aa02c154355e7b1d540ef5e26c9fe (diff)
download	poky-e1d658ef1153ecb16acda19e3f6fe2edea7cf4e4.tar.gz

diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind index e32e675308..57a5ce5f21 100755 --- a/meta/recipes-core/volatile-binds/files/mount-copybind +++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -46,6 +46,12 @@ if [ -d "$mountpoint" ]; then
46	fi	46	fi
47		47
48	mount -o "bind$options" "$spec" "$mountpoint"	48	mount -o "bind$options" "$spec" "$mountpoint"
		49	# restore the selinux context.
		50	if command -v selinuxenabled > /dev/null 2>&1; then
		51	if selinuxenabled; then
		52	restorecon -R "$mountpoint"
		53	fi
		54	fi
49	fi	55	fi
50	elif [ -f "$mountpoint" ]; then	56	elif [ -f "$mountpoint" ]; then
51	if [ ! -f "$spec" ]; then	57	if [ ! -f "$spec" ]; then
@@ -53,4 +59,10 @@ elif [ -f "$mountpoint" ]; then
53	fi	59	fi
54		60
55	mount -o "bind$options" "$spec" "$mountpoint"	61	mount -o "bind$options" "$spec" "$mountpoint"
		62	# restore the selinux context.
		63	if command -v selinuxenabled > /dev/null 2>&1; then
		64	if selinuxenabled; then
		65	restorecon -R "$mountpoint"
		66	fi
		67	fi
56	fi	68	fi