From patchwork Tue Sep 7 12:58:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Jos=C3=A9_Pekkarinen?= X-Patchwork-Id: 1525345 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=unikie-com.20150623.gappssmtp.com header.i=@unikie-com.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=Q5xn6ffu; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.buildroot.org (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=buildroot-bounces@lists.buildroot.org; receiver=) Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H3lhG0YFYz9sf8 for ; Tue, 7 Sep 2021 22:58:53 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 11706404D0; Tue, 7 Sep 2021 12:58:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_FhT47atjUR; Tue, 7 Sep 2021 12:58:49 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp2.osuosl.org (Postfix) with ESMTP id 1F3D440270; Tue, 7 Sep 2021 12:58:48 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id AAD891BF334 for ; Tue, 7 Sep 2021 12:58:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id A7C13828EF for ; Tue, 7 Sep 2021 12:58:46 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=unikie-com.20150623.gappssmtp.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eMdzMOP99AdC for ; Tue, 7 Sep 2021 12:58:45 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4A8BA828DF for ; Tue, 7 Sep 2021 12:58:45 +0000 (UTC) Received: by mail-lf1-x12d.google.com with SMTP id e23so5243869lfj.9 for ; Tue, 07 Sep 2021 05:58:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unikie-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=zONzmpI+xXnnWg+/3kId1fVR4VUdAPeVktXjULtiG6Y=; b=Q5xn6ffuwVLsysyyJJ/sekIQHoFtaG4F2SGLSTrhz7HDXetrSBZRyuDeWrUQmCflxi EKwIt7p2u35/pmIls9VCOcx/j7XCy4ub8yq4VM+4TCDmpjxclu0ijPRlcWXWbeDk3w3J NaVmsvsPnnaVLDQ/u98ZCY0b9YTrFKYnwCInuMRaGeRJt1K5maSAcVDQ+77vQ86G7oqw R+Pd4pqHs7CETPA0291qN8K2uAsYfOuffor5NL+jZBNZF59NLbN89Lpitf85+gouA0GA mh8XlTtq4I3bLiHLmywekAYp6RT3eFZan2exiMajQ4ozX6x8h0EkVc+sKzd1akQXSCM2 tN9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=zONzmpI+xXnnWg+/3kId1fVR4VUdAPeVktXjULtiG6Y=; b=hyxmQJbv/u+b7TynIzOalXHUDYxVdq7/DetgXR5MLt1reLTEgBNTR2ymOYw/TSd/Wc H+iJ5W1DmjsH3lAbQEjO4DScYf4nan0jZQyfx1C1iwpAr/gZmI0c+9HbE0hG6nKPZXuM wI64baliovwjP/LSi18o2PSYcU2lHOLpIlhZMdG/oibENEAq4WLH7s6W6V7B+JriJ4mf pKAAp79WRpsHA4EQ+k9Xs0BAl3CY0fC5GFPaR6HxWzEWZcvzkvL/EpMLXoyRybQBLJHt GZoS5QoOOmHOwSyNcVnQs2p3yNQ0V0Vk6WXri12t38b9PH3xfyEWqQL6JyrVTH9JKxqQ dq6g== X-Gm-Message-State: AOAM5314+ZM9dw0qJEhJvIBc8aWguQhmRn6WKhDE8lrZpohp/x4V7RH8 Lefjrdhsq6dzaA3qddR3W95WhS4HkpdEHRvK X-Google-Smtp-Source: ABdhPJxZ/EGAHjWM/O07KJ9Mu//7/tvp3VBpKEuenxODLwJWbD605e28uYHtm3/+iMg1+WoV5UBN7A== X-Received: by 2002:a05:6512:398c:: with SMTP id j12mr12305930lfu.102.1631019522730; Tue, 07 Sep 2021 05:58:42 -0700 (PDT) Received: from Unikie-T14-Gen-2i.madriguera.foxhound.fi (88-113-104-240.elisa-laajakaista.fi. [88.113.104.240]) by smtp.googlemail.com with ESMTPSA id o18sm1007826lfg.109.2021.09.07.05.58.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Sep 2021 05:58:42 -0700 (PDT) From: =?utf-8?q?Jos=C3=A9_Pekkarinen?= To: buildroot@buildroot.org Date: Tue, 7 Sep 2021 15:58:41 +0300 Message-Id: <20210907125841.509792-1-jose.pekkarinen@unikie.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH] package/policycoreutils: Add service to handle selinux autorelabel X-BeenThere: buildroot@lists.buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Jos=C3=A9_Pekkarinen?= Errors-To: buildroot-bounces@lists.buildroot.org Sender: "buildroot" This patch adds a system service to check whether the autorelabel via is requested or not, and produce the labeling of the system under the loaded final kernel, including automatically populated fs by the kernel. Signed-off-by: José Pekkarinen --- .../policycoreutils/S00selinux-autorelabel | 49 +++++++++++++++++++ package/policycoreutils/policycoreutils.mk | 5 ++ 2 files changed, 54 insertions(+) create mode 100644 package/policycoreutils/S00selinux-autorelabel diff --git a/package/policycoreutils/S00selinux-autorelabel b/package/policycoreutils/S00selinux-autorelabel new file mode 100644 index 0000000000..7a47db891f --- /dev/null +++ b/package/policycoreutils/S00selinux-autorelabel @@ -0,0 +1,49 @@ +#!/bin/sh + +DAEMON="Autorelabel check" + +start() { + printf 'Starting %s: ' "$DAEMON" + + if [ -f /.autorelabel ]; then + echo "Relabeling" + echo "*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required." + echo "*** Relabeling could take a very long time, depending on file" + echo "*** system size and speed of hard drives." + mount -a + setfiles -m -r / + + # Remove label + rm -f /.autorelabel || failed "Failed to remove the autorelabel flag" + + # Reboot to activate relabeled file system + echo "Automatic reboot in progress." + reboot -f + fi + + echo "OK" + return 0 +} + +stop() { + printf 'Stopping %s: ' "$DAEMON" + echo "OK" + return 0 +} + +restart() { + stop + sleep 1 + start +} + +case "$1" in + start|stop|restart) + "$1";; + reload) + # Restart, since there is no true "reload" feature. + restart;; + *) + echo "Usage: $0 {start|stop|restart|reload}" + exit 1 +esac diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk index 5290c5b9f8..f698698059 100644 --- a/package/policycoreutils/policycoreutils.mk +++ b/package/policycoreutils/policycoreutils.mk @@ -93,5 +93,10 @@ define HOST_POLICYCOREUTILS_INSTALL_CMDS ) endef +define POLICYCOREUTILS_INSTALL_INIT_SYSV + $(INSTALL) -m 0755 -D package/policycoreutils/S00selinux-autorelabel \ + $(TARGET_DIR)/etc/init.d/S00selinux-autorelabel +endef + $(eval $(generic-package)) $(eval $(host-generic-package))