harald/VerityBook
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

pre-pivot.sh: use setfiles to relabel

Browse source
This commit is contained in:
Harald Hoyer 2018-11-19 15:28:49 +01:00
parent 19d4b9fccf
commit 09a12bc63f
1 changed files with 7 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
pre-pivot.sh
View file

@ -126,29 +126,24 @@ mount -o bind /run/initramfs/mnt/cfg /sysroot/cfg
umount -l /run/initramfs/mnt &>/dev/null umount -l /run/initramfs/mnt &>/dev/null
if [[ $FIRST_TIME ]]; then if [[ $FIRST_TIME ]]; then
mount -o bind /sys /sysroot/sys
mount -t selinuxfs none /sysroot/sys/fs/selinux
chroot /sysroot bash -c ' chroot /sysroot bash -c '
/usr/sbin/load_policy -i for i in /var /home /cfg /usr/local; do
/sbin/restorecon -m -F -v /cfg /var /home mountpoint -q "$i" || continue
/usr/sbin/setfiles -v -F \
/etc/selinux/targeted/contexts/files/file_contexts $i
done
' '
umount /sysroot/sys/fs/selinux
umount /sysroot/sys
fi fi
if [[ $RELABEL ]]; then if [[ $RELABEL ]]; then
mount -o bind /sys /sysroot/sys
mount -t selinuxfs none /sysroot/sys/fs/selinux
chroot /sysroot bash -c ' chroot /sysroot bash -c '
/usr/sbin/load_policy -i
for i in var home cfg; do for i in var home cfg; do
[[ -e /$i/.autorelabel ]] || continue [[ -e /$i/.autorelabel ]] || continue
rm -f /$i/.autorelabel rm -f /$i/.autorelabel
/sbin/restorecon -m -F -v -R /$i /usr/sbin/setfiles -v -F \
/etc/selinux/targeted/contexts/files/file_contexts /$i
done done
' 2>&1 | vwarn ' 2>&1 | vwarn
umount /sysroot/sys/fs/selinux
umount /sysroot/sys
fi fi
: :