[OpenWrt-Devel] [PATCH 4/7] include/image.mk: implement SELinux squashfs image generation

Daniel Golle daniel at makrotopia.org
Thu Nov 28 18:01:26 EST 2019


Hi Thomas,

On Fri, Nov 22, 2019 at 10:55:38AM +0100, Thomas Petazzoni wrote:
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
> ---
>  include/image.mk | 15 ++++++++++++++-
>  1 file changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/include/image.mk b/include/image.mk
> index 8592c19b99..86b3edeb87 100644
> --- a/include/image.mk
> +++ b/include/image.mk
> @@ -239,13 +239,26 @@ endef
>  $(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S))))
>  $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))))
>  
> -define Image/mkfs/squashfs
> +define Image/mkfs/squashfs-common
>  	$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
>  		-nopad -noappend -root-owned \
>  		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
>  		-processors 1
>  endef
>  
> +ifeq ($(CONFIG_PACKAGE_refpolicy),y)
> +define Image/mkfs/squashfs
> +	echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib $(STAGING_DIR_HOSTPKG)/sbin/setfiles -r $(call mkfs_target_dir,$(1)) $(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts $(call mkfs_target_dir,$(1))" > $@.fakeroot-script
> +	echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
> +	chmod +x $@.fakeroot-script
> +	$(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script
> +endef
> +else
> +define Image/mkfs/squashfs
> +	$(call Image/mkfs/squashfs-common,$(1))
> +endef
> +endif
> +
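Review bot: The generated `$@.fakeroot-script` in the SELinux branch of `Image/mkfs/squashfs` runs `setfiles` and then `mksquashfs4` as two independent lines with no error handling, so a failed relabel (for example a missing `file_contexts`) does not stop the build, and the script's exit status is only that of `mksquashfs4`. The result would be an image that builds cleanly but ships with missing or partial labels. Starting the script with `echo '#!/bin/sh' > $@.fakeroot-script` and `echo 'set -e' >> $@.fakeroot-script`, then appending the `setfiles` line with `>>`, would make a labelling failure fatal and give the script an explicit interpreter. Separately, `LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:...` produces a leading empty entry when the variable is unset or empty, which the dynamic loader treats as the current directory. Putting `$(STAGING_DIR_HOSTPKG)/lib` first and appending the old value only when it is non-empty avoids that, though fakeroot may already set the variable here.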

I thought about introducing fakeroot in a similar way before, but for
different purposes such as having setuid binaries or files owned by
users other than root contained in the rootfs.
Hence I believe it'd be good to always use fakeroot instead of using
'-root-owned', but that's a bit more work...

+1 for your work to enable SELinux in OpenWrt, I'll try to find time
to test it.


Cheers


Daniel
