diff options
author | Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de> | 2021-09-09 10:05:04 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-10-11 18:41:38 +0100 |
commit | e1d658ef1153ecb16acda19e3f6fe2edea7cf4e4 (patch) | |
tree | 8bde6e95cabba7aafa587cc0695d68ca1eaae26d /meta/recipes-core | |
parent | 6c0a5594cc0aa02c154355e7b1d540ef5e26c9fe (diff) | |
download | poky-e1d658ef1153ecb16acda19e3f6fe2edea7cf4e4.tar.gz |
mount-copybind: add SELinux support
bind mounts don't use the SELinux label of the target, but the SELinux
label of the source.
This patch restores the SELinux context of the bind mount recursively using
restorecon.
(From OE-Core rev: 6f3e231dc9bc11772573bf9683de9804460362d1)
Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rwxr-xr-x | meta/recipes-core/volatile-binds/files/mount-copybind | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind index e32e675308..57a5ce5f21 100755 --- a/meta/recipes-core/volatile-binds/files/mount-copybind +++ b/meta/recipes-core/volatile-binds/files/mount-copybind | |||
@@ -46,6 +46,12 @@ if [ -d "$mountpoint" ]; then | |||
46 | fi | 46 | fi |
47 | 47 | ||
48 | mount -o "bind$options" "$spec" "$mountpoint" | 48 | mount -o "bind$options" "$spec" "$mountpoint" |
49 | # restore the selinux context. | ||
50 | if command -v selinuxenabled > /dev/null 2>&1; then | ||
51 | if selinuxenabled; then | ||
52 | restorecon -R "$mountpoint" | ||
53 | fi | ||
54 | fi | ||
49 | fi | 55 | fi |
50 | elif [ -f "$mountpoint" ]; then | 56 | elif [ -f "$mountpoint" ]; then |
51 | if [ ! -f "$spec" ]; then | 57 | if [ ! -f "$spec" ]; then |
@@ -53,4 +59,10 @@ elif [ -f "$mountpoint" ]; then | |||
53 | fi | 59 | fi |
54 | 60 | ||
55 | mount -o "bind$options" "$spec" "$mountpoint" | 61 | mount -o "bind$options" "$spec" "$mountpoint" |
62 | # restore the selinux context. | ||
63 | if command -v selinuxenabled > /dev/null 2>&1; then | ||
64 | if selinuxenabled; then | ||
65 | restorecon -R "$mountpoint" | ||
66 | fi | ||
67 | fi | ||
56 | fi | 68 | fi |