diff options
| author |   Maximilian Blenk <Maximilian.Blenk@bmw.de> | 2021-09-09 10:05:05 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-10-11 18:41:02 +0100 |
| commit | 57f51e8c73ab9f55f20815a9459c3afad2b281e6 (patch) | |
| tree | 60dc2e4d9ec0fc5990ffbfe241f88cba9d3c9b51 /meta/recipes-core | |
| parent | 6f3e231dc9bc11772573bf9683de9804460362d1 (diff) | |
| download | openembedded-core-57f51e8c73ab9f55f20815a9459c3afad2b281e6.tar.gz | |
mount-copybind: add rootcontext mountoption for overlayfs
If selinux is enabled, the context of the mountpoint for overlayfs
needs to be specified manually via the rootcontext option. To this
end, the required context is determined using matchpathcon(1) and
passed via the rootcontext mount option.
Additionally, if the mount source directory is created by mount-copybind
it also needs to take care that the context of the directory is correct
Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Diffstat (limited to 'meta/recipes-core')
| -rwxr-xr-x | meta/recipes-core/volatile-binds/files/mount-copybind | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind index 57a5ce5f21..aad022c6e4 100755 --- a/meta/recipes-core/volatile-binds/files/mount-copybind +++ b/meta/recipes-core/volatile-binds/files/mount-copybind @@ -31,6 +31,13 @@ if [ -d "$mountpoint" ]; then else specdir_existed=no mkdir "$spec" + # If the $spec directory is created we need to take care that + # the selinux context is correct + if command -v selinuxenabled > /dev/null 2>&1; then + if selinuxenabled; then + restorecon "$spec" + fi + fi fi # Fast version of calculating `dirname ${spec}`/.`basename ${spec}`-work @@ -39,7 +46,12 @@ if [ -d "$mountpoint" ]; then # Try to mount using overlay, which is must faster than copying files. # If that fails, fall back to slower copy. - if ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir" "$mountpoint" > /dev/null 2>&1; then + if command -v selinuxenabled > /dev/null 2>&1; then + if selinuxenabled; then + mountcontext=",rootcontext=$(matchpathcon -n $mountpoint)" + fi + fi + if ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir""$mountcontext" "$mountpoint" > /dev/null 2>&1; then if [ "$specdir_existed" != "yes" ]; then cp -aPR "$mountpoint"/. "$spec/" |