Lines 1299-1318
Link Here
|
1299 |
fi |
1299 |
fi |
1300 |
|
1300 |
|
1301 |
# SELinux file labeling (needs to always be last in dyn_preinst) |
1301 |
# SELinux file labeling (needs to always be last in dyn_preinst) |
1302 |
if useq selinux; then |
1302 |
if hasq selinux $FEATURES; then |
1303 |
# only attempt to label if setfiles is executable |
1303 |
# only attempt to label if setfiles is executable |
1304 |
# and 'context' is available on selinuxfs. |
1304 |
# and 'context' is available on selinuxfs. |
1305 |
if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then |
1305 |
if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then |
1306 |
echo ">>> Setting SELinux security labels" |
1306 |
echo ">>> Setting SELinux security labels" |
1307 |
if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then |
1307 |
( |
1308 |
cp -f "${POLICYDIR}/file_contexts/file_contexts" "${T}" |
1308 |
eval "$(/usr/sbin/selinuxconfig)" || \ |
1309 |
else |
1309 |
die "Failed to determine SELinux policy paths."; |
1310 |
make -C "${POLICYDIR}" FC=${T}/file_contexts "${T}/file_contexts" |
1310 |
|
1311 |
fi |
1311 |
addwrite /selinux/context; |
1312 |
|
1312 |
|
1313 |
addwrite /selinux/context |
1313 |
/usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}" || \ |
1314 |
/usr/sbin/setfiles -r "${IMAGE}" "${T}/file_contexts" "${IMAGE}" \ |
1314 |
die "Failed to set SELinux security labels."; |
1315 |
|| die "Failed to set SELinux security labels." |
1315 |
) |
1316 |
else |
1316 |
else |
1317 |
# nonfatal, since merging can happen outside a SE kernel |
1317 |
# nonfatal, since merging can happen outside a SE kernel |
1318 |
# like during a recovery situation |
1318 |
# like during a recovery situation |