mirrors/openwrt
0
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-04 15:26:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

image.mk: evaluate /etc/selinux/config to choose SELinux policy

Browse Source 
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit is contained in:
Daniel Golle 2020-09-29 01:46:25 +01:00
parent 96d1dc5ebf
commit 26aa7952d5
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/image.mk
View File

@ -243,10 +243,11 @@ endef
ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
define Image/mkfs/squashfs
echo ". $(call mkfs_target_dir,$(1))/etc/selinux/config" > $@.fakeroot-script
echo "$(STAGING_DIR_HOST)/bin/setfiles -r" \
"$(call mkfs_target_dir,$(1))" \
"$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
"$(call mkfs_target_dir,$(1))" > $@.fakeroot-script
"$(call mkfs_target_dir,$(1))/etc/selinux/\$${SELINUXTYPE}/contexts/files/file_contexts " \
"$(call mkfs_target_dir,$(1))" >> $@.fakeroot-script
echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
chmod +x $@.fakeroot-script
$(FAKEROOT) "$@.fakeroot-script"