selinux-image: fix labeling on non-seclabel mounts

Use -m to prevent non-seclabel mounts from being excluded from labeling. After the following commit setfiles will no longer label files on a mount other than / if it doesn't have seclabel listed in /proc/mounts: https://github.com/SELinuxProject/selinux/commit/f2e77865e144ab2e1313aa78d99b969f8f48695e#diff-2de9aefdd8fc5bc6a8740533e5d1cc2e Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: George McCollister <george.mccollister@gmail.com> 2018-05-22 09:47:12 -0500
committer: Joe MacDonald <joe_macdonald@mentor.com> 2018-08-13 11:20:32 -0400
commit: 8ecad12b2ccb612fdf4906392d26fa6bfae20460 (patch)
tree: 4c854a9e0112dadf6853aacf20d2ecde877eaff8
parent: 4df58585fc034482d5d16670479416aa86387750 (diff)
download: meta-selinux-8ecad12b2ccb612fdf4906392d26fa6bfae20460.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/classes/selinux-image.bbclass b/classes/selinux-image.bbclass
index 90ead2f..5174dc5 100644
--- a/classes/selinux-image.bbclass
+++ b/classes/selinux-image.bbclass
@@ -1,6 +1,6 @@
 selinux_set_labels () {
    POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)
-    if ! setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
+    if ! setfiles -m -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
    then
        echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image.
        touch ${IMAGE_ROOTFS}/.autorelabel
author	George McCollister <george.mccollister@gmail.com>	2018-05-22 09:47:12 -0500
committer	Joe MacDonald <joe_macdonald@mentor.com>	2018-08-13 11:20:32 -0400
commit	8ecad12b2ccb612fdf4906392d26fa6bfae20460 (patch)
tree	4c854a9e0112dadf6853aacf20d2ecde877eaff8
parent	4df58585fc034482d5d16670479416aa86387750 (diff)
download	meta-selinux-8ecad12b2ccb612fdf4906392d26fa6bfae20460.tar.gz

diff --git a/classes/selinux-image.bbclass b/classes/selinux-image.bbclass index 90ead2f..5174dc5 100644 --- a/classes/selinux-image.bbclass +++ b/classes/selinux-image.bbclass
@@ -1,6 +1,6 @@
1	selinux_set_labels () {	1	selinux_set_labels () {
2	POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]=[[:space:]]\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)	2	POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]=[[:space:]]\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config)
3	if ! setfiles -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}	3	if ! setfiles -m -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS}
4	then	4	then
5	echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image.	5	echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image.
6	touch ${IMAGE_ROOTFS}/.autorelabel	6	touch ${IMAGE_ROOTFS}/.autorelabel