|
|
|---|
fi | fi |
| |
# SELinux file labeling (needs to always be last in dyn_preinst) | # SELinux file labeling (needs to always be last in dyn_preinst) |
if useq selinux; then |
if hasq selinux $FEATURES; then |
# only attempt to label if setfiles is executable | # only attempt to label if setfiles is executable |
# and 'context' is available on selinuxfs. | # and 'context' is available on selinuxfs. |
if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then |
if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then |
echo ">>> Setting SELinux security labels" | echo ">>> Setting SELinux security labels" |
if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then |
( |
cp -f "${POLICYDIR}/file_contexts/file_contexts" "${T}" |
eval "$(/usr/sbin/selinuxconfig)" || \ |
else |
die "Failed to determine SELinux policy paths."; |
make -C "${POLICYDIR}" FC=${T}/file_contexts "${T}/file_contexts" |
|
fi |
addwrite /selinux/context; |
|
|
addwrite /selinux/context |
/usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}" || \ |
/usr/sbin/setfiles -r "${IMAGE}" "${T}/file_contexts" "${IMAGE}" \ |
die "Failed to set SELinux security labels."; |
|| die "Failed to set SELinux security labels." |
) |
else | else |
# nonfatal, since merging can happen outside a SE kernel | # nonfatal, since merging can happen outside a SE kernel |
# like during a recovery situation | # like during a recovery situation |
