[openwrt/openwrt] image.mk: evaluate /etc/selinux/config to choose SELinux policy
LEDE Commits
lede-commits at lists.infradead.org
Mon Sep 28 20:50:06 EDT 2020
dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/26aa7952d539f85dd60e36a5fcc37925a9b92d65
commit 26aa7952d539f85dd60e36a5fcc37925a9b92d65
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Tue Sep 29 01:46:25 2020 +0100
image.mk: evaluate /etc/selinux/config to choose SELinux policy
Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config
in rootfs to choose according to which policy files in the rootfs got
to be labeled.
Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
include/image.mk | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/include/image.mk b/include/image.mk
index f72095db56..28f40fe6a9 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -243,10 +243,11 @@ endef
ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
define Image/mkfs/squashfs
+ echo ". $(call mkfs_target_dir,$(1))/etc/selinux/config" > $@.fakeroot-script
echo "$(STAGING_DIR_HOST)/bin/setfiles -r" \
"$(call mkfs_target_dir,$(1))" \
- "$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
- "$(call mkfs_target_dir,$(1))" > $@.fakeroot-script
+ "$(call mkfs_target_dir,$(1))/etc/selinux/\$${SELINUXTYPE}/contexts/files/file_contexts " \
+ "$(call mkfs_target_dir,$(1))" >> $@.fakeroot-script
echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
chmod +x $@.fakeroot-script
$(FAKEROOT) "$@.fakeroot-script"
More information about the lede-commits
mailing list