aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Golle <daniel@makrotopia.org>2020-09-29 01:46:25 +0100
committerDaniel Golle <daniel@makrotopia.org>2020-09-29 01:48:27 +0100
commit26aa7952d539f85dd60e36a5fcc37925a9b92d65 (patch)
tree0c71b84987c9bfa9901a25919a194e682ee64f3f
parent96d1dc5ebfbbf68f960610407a83423915e5e966 (diff)
downloadupstream-26aa7952d539f85dd60e36a5fcc37925a9b92d65.tar.gz
upstream-26aa7952d539f85dd60e36a5fcc37925a9b92d65.tar.bz2
upstream-26aa7952d539f85dd60e36a5fcc37925a9b92d65.zip
image.mk: evaluate /etc/selinux/config to choose SELinux policy
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config in rootfs to choose according to which policy files in the rootfs got to be labeled. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-rw-r--r--include/image.mk5
1 files changed, 3 insertions, 2 deletions
diff --git a/include/image.mk b/include/image.mk
index f72095db56..28f40fe6a9 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -243,10 +243,11 @@ endef
ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
define Image/mkfs/squashfs
+ echo ". $(call mkfs_target_dir,$(1))/etc/selinux/config" > $@.fakeroot-script
echo "$(STAGING_DIR_HOST)/bin/setfiles -r" \
"$(call mkfs_target_dir,$(1))" \
- "$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
- "$(call mkfs_target_dir,$(1))" > $@.fakeroot-script
+ "$(call mkfs_target_dir,$(1))/etc/selinux/\$${SELINUXTYPE}/contexts/files/file_contexts " \
+ "$(call mkfs_target_dir,$(1))" >> $@.fakeroot-script
echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
chmod +x $@.fakeroot-script
$(FAKEROOT) "$@.fakeroot-script"