blob: b4f9321c1d0df9a6928cee7eb08efdeecf8705bd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
selinux_set_labels() {
if [ -f ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config ]; then
POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)
if ! setfiles -m -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
then
bbwarn "Failed to set security contexts. Restoring security contexts will run on first boot."
echo "# first boot relabelling" > ${IMAGE_ROOTFS}/.autorelabel
fi
fi
}
# The selinux_set_labels function should run as late as possible. Append
# it to IMAGE_PREPROCESS_COMMAND in RecipePreFinalise event handler,
# this ensures it is the last function in IMAGE_PREPROCESS_COMMAND.
python selinux_setlabels_handler() {
if not d or 'selinux' not in d.getVar('DISTRO_FEATURES').split():
return
if d.getVar('FIRST_BOOT_RELABEL') == '1':
return
d.appendVar('IMAGE_PREPROCESS_COMMAND', ' selinux_set_labels; ')
d.appendVarFlag('do_image', 'depends', ' policycoreutils-native:do_populate_sysroot')
}
addhandler selinux_setlabels_handler
selinux_setlabels_handler[eventmask] = "bb.event.RecipePreFinalise"
inherit core-image
|