From: Daniel Golle Date: Tue, 29 Sep 2020 00:46:25 +0000 (+0100) Subject: image.mk: evaluate /etc/selinux/config to choose SELinux policy X-Git-Tag: v21.02.0-rc1~1442 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=26aa7952d539f85dd60e36a5fcc37925a9b92d65;p=openwrt%2Fstaging%2Fhauke.git image.mk: evaluate /etc/selinux/config to choose SELinux policy Instead of hardcoding 'targeted' policy, evaluate /etc/selinux/config in rootfs to choose according to which policy files in the rootfs got to be labeled. Signed-off-by: Daniel Golle --- diff --git a/include/image.mk b/include/image.mk index f72095db56..28f40fe6a9 100644 --- a/include/image.mk +++ b/include/image.mk @@ -243,10 +243,11 @@ endef ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y) define Image/mkfs/squashfs + echo ". $(call mkfs_target_dir,$(1))/etc/selinux/config" > $@.fakeroot-script echo "$(STAGING_DIR_HOST)/bin/setfiles -r" \ "$(call mkfs_target_dir,$(1))" \ - "$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \ - "$(call mkfs_target_dir,$(1))" > $@.fakeroot-script + "$(call mkfs_target_dir,$(1))/etc/selinux/\$${SELINUXTYPE}/contexts/files/file_contexts " \ + "$(call mkfs_target_dir,$(1))" >> $@.fakeroot-script echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script chmod +x $@.fakeroot-script $(FAKEROOT) "$@.fakeroot-script"