Message ID | 20191122095541.688125-5-thomas.petazzoni@bootlin.com |
---|---|
State | Changes Requested |
Delegated to: | Daniel Golle |
Series | SELinux support: core OpenWrt changes |
Hi Thomas, On Fri, Nov 22, 2019 at 10:55:38AM +0100, Thomas Petazzoni wrote: > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> > --- > include/image.mk | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > diff --git a/include/image.mk b/include/image.mk > index 8592c19b99..86b3edeb87 100644 > --- a/include/image.mk > +++ b/include/image.mk > @@ -239,13 +239,26 @@ endef > $(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S)))) > $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S)))) > > -define Image/mkfs/squashfs > +define Image/mkfs/squashfs-common > $(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \ > -nopad -noappend -root-owned \ > -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \ > -processors 1 > endef > > +ifeq ($(CONFIG_PACKAGE_refpolicy),y) > +define Image/mkfs/squashfs > + echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib $(STAGING_DIR_HOSTPKG)/sbin/setfiles -r $(call mkfs_target_dir,$(1)) $(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts $(call mkfs_target_dir,$(1))" > $@.fakeroot-script > + echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script > + chmod +x $@.fakeroot-script > + $(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script > +endef > +else > +define Image/mkfs/squashfs > + $(call Image/mkfs/squashfs-common,$(1)) > +endef > +endif > + I thought about introducing fakeroot in a similar way before, but for different purposes such as having setuid binaries or files owned by users other than root contained in the rootfs. Hence I believe it'd be good to always use fakeroot instead of using '-root-owned', but that's a bit more work... +1 for your work to enable SELinux in OpenWrt, I'll try to find time for some testing that. Cheers Daniel
Hello Daniel,

On Fri, 29 Nov 2019 00:01:26 +0100 Daniel Golle <daniel@makrotopia.org> wrote:

> I thought about introducing fakeroot in a similar way before, but for
> different purposes such as having setuid binaries or files owned by
> users other than root contained in the rootfs.

Right, that would indeed allow that. Buildroot uses fakeroot in a consistent way to build all filesystem images, which allows us to create files with arbitrary permissions/ownership.

> +1 for your work to enable SELinux in OpenWrt, I'll try to find time
> for some testing that.

Thanks!

Best regards,

Thomas
diff --git a/include/image.mk b/include/image.mk index 8592c19b99..86b3edeb87 100644 --- a/include/image.mk +++ b/include/image.mk @@ -239,13 +239,26 @@ endef $(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S)))) $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S)))) -define Image/mkfs/squashfs +define Image/mkfs/squashfs-common $(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \ -nopad -noappend -root-owned \ -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \ -processors 1 endef +ifeq ($(CONFIG_PACKAGE_refpolicy),y) +define Image/mkfs/squashfs + echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib $(STAGING_DIR_HOSTPKG)/sbin/setfiles -r $(call mkfs_target_dir,$(1)) $(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts $(call mkfs_target_dir,$(1))" > $@.fakeroot-script + echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script + chmod +x $@.fakeroot-script + $(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script +endef +else +define Image/mkfs/squashfs + $(call Image/mkfs/squashfs-common,$(1)) +endef +endif + # $(1): board name # $(2): rootfs type # $(3): kernel image
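Review bot: In the CONFIG_PACKAGE_refpolicy branch, the two echo lines write setfiles and mksquashfs4 into $@.fakeroot-script as independent commands with no error handling, so the script's exit status is that of mksquashfs4 alone: if setfiles fails (for example because file_contexts is missing), the build still succeeds and produces an image without SELinux labels. Please make the first line of the generated script "#!/bin/sh" followed by "set -e", or join the two commands with "&&"; as written the script has no "#!" line at all and only runs through the shell's fallback for files the kernel refuses to exec. The file_contexts path hard-codes etc/selinux/targeted, which ties the build to a policy named "targeted"; deriving that directory from configuration would avoid a silent mismatch. The second echo expands $(Image/mkfs/squashfs-common) directly inside double quotes, while the else branch uses $(call Image/mkfs/squashfs-common,$(1)); any double quote or "$" coming from SQUASHFSOPT or the paths would corrupt the generated script, so consider passing $(1) explicitly and writing the script with a quoting-safe construct. Finally, the commit message carries only the Signed-off-by: a sentence on why setfiles has to run under fakeroot together with mksquashfs4 would help later readers.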
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 include/image.mk | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)