Djam/livecd-tools
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/livecd-tools.git synced 2025-02-23 15:42:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

patch: perform selinux labelling inside chroot

Browse source
This commit is contained in:
Mikhail Novosyolov 2019-09-07 15:18:15 +03:00
parent b205628235
commit a722374987
2 changed files with 34 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
0004-Selinux-labelling-inside-chroot.patch Normal file
View file

@ -0,0 +1,32 @@
From a040d5571473f6266764c758835e71ecb301d10b Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sat, 7 Sep 2019 15:13:45 +0300
Subject: [PATCH] Selinux labelling inside chroot
Label the fs according to selinux policy inside that fs instead of labeling from out side the target chroot.
In the second case the policy from the host was used instead of the policy from the target chroot.
---
imgcreate/creator.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/imgcreate/creator.py b/imgcreate/creator.py
index 9a07f62..cb1c742 100644
--- a/imgcreate/creator.py
+++ b/imgcreate/creator.py
@@ -459,10 +459,10 @@ class ImageCreator(object):
subprocess.call(arglist, close_fds = True)
if kickstart.selinux_enabled(self.ks):
- # label the fs like it is a root before the bind mounting
- arglist = ["/sbin/setfiles", "-F", "-r", self._instroot, selinux.selinux_file_context_path(), self._instroot]
+ # label the fs according to selinux policy inside that fs
+ arglist = ["/sbin/setfiles", "-F", "-p", selinux.selinux_file_context_path(), "/"]
print("Running SELinux relabling: ", arglist)
- subprocess.call(arglist, close_fds = True)
+ subprocess.call(arglist, preexec_fn=self.chroot, close_fds = True)
# these dumb things don't get magically fixed, so make the user generic
# if selinux exists on the host we need to lie to the chroot
if selinux.is_selinux_enabled():
--
2.20.1

3
livecd-tools.spec
View file

@ -3,7 +3,7 @@
Summary: Tools for building live CDs
Name: livecd-tools
Version: 21.1
Release: 60
Release: 61
Epoch: 1
License: GPLv2+
Group: System/Base
@ -36,6 +36,7 @@ Patch23: livecd-tools-21.1-genisoimage.patch
Patch24: 0001-Run-setfiles-after-chroot.patch
Patch25: 0002-Get-system-architecture-by-bin-sh-executable-instead.patch
Patch26: 0003-Debug-SELinux-relabling-print-arguements-of-setfiles.patch
Patch27: 0004-Selinux-labelling-inside-chroot.patch
Requires: python-imgcreate = %{EVRD}
Requires: dosfstools