[yocto] [meta-selinux][master][rocko][PATCH] selinux-image: fix labeling on non-seclabel mounts

George McCollister george.mccollister at gmail.com
Tue May 22 07:47:12 PDT 2018


Use -m to prevent non-seclabel mounts from being excluded from labeling.
After the following commit setfiles will no longer label files on a
mount other than / if it doesn't have seclabel listed in /proc/mounts:
https://github.com/SELinuxProject/selinux/commit/f2e77865e144ab2e1313aa78d99b969f8f48695e#diff-2de9aefdd8fc5bc6a8740533e5d1cc2e

Signed-off-by: George McCollister <george.mccollister at gmail.com>
---
 classes/selinux-image.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/classes/selinux-image.bbclass b/classes/selinux-image.bbclass
index 90ead2f..5174dc5 100644
--- a/classes/selinux-image.bbclass
+++ b/classes/selinux-image.bbclass
@@ -1,6 +1,6 @@
 selinux_set_labels () {
     POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)
-    if ! setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
+    if ! setfiles -m -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
     then
         echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image.
         touch ${IMAGE_ROOTFS}/.autorelabel
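Review bot: on the changed `setfiles -m -r ...` line, `-m` is passed unconditionally, and this patch is tagged for both master and rocko, so please confirm that the setfiles built on each branch accepts the flag. If it does not, setfiles exits non-zero and the existing `then` branch only prints the WARNING and touches `.autorelabel`, which defers all labeling to first boot and is easy to miss in a build log. It would also help to add a short comment above the call saying that `-m` keeps non-seclabel mounts from being excluded from labeling, since that rationale currently lives only in the commit message.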
-- 
2.16.0


