particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

distro/f32: manually relabel cp in buildroot with install_t

Browse source 
By labeling `cp` with `system_u:object_r:install_exec_t:s0` we allow it
to copy labels unknown to the host.

See also corresponding commit in osbuild:
e80130a830
This commit is contained in:
Martin Sehnoutka 2020-06-29 10:59:33 +02:00 committed by Tom Gundersen
parent f8f35016d6
commit 3fc03503a5
11 changed files with 69 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
internal/distro/fedora32/distro.go
View file

@ -298,7 +298,15 @@ func (t *imageType) pipeline(c *blueprint.Customizations, options distro.ImageOp
func (t *imageType) buildPipeline(repos []rpmmd.RepoConfig, arch architecture, buildPackageSpecs []rpmmd.PackageSpec) *osbuild.Pipeline {
p := &osbuild.Pipeline{}
p.AddStage(osbuild.NewRPMStage(t.rpmStageOptions(arch, repos, buildPackageSpecs)))
p.AddStage(osbuild.NewSELinuxStage(t.selinuxStageOptions()))
selinuxOptions := osbuild.SELinuxStageOptions{
FileContexts: "etc/selinux/targeted/contexts/files/file_contexts",
Labels: map[string]string{
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0",
},
}
p.AddStage(osbuild.NewSELinuxStage(&selinuxOptions))
return p
}

9
test/cases/fedora_32-aarch64-ami-boot.json
View file

@ -1982,6 +1982,15 @@
}
]
}
},
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]
},

9
test/cases/fedora_32-aarch64-openstack-boot.json
View file

@ -2053,6 +2053,15 @@
}
]
}
},
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]
},

9
test/cases/fedora_32-aarch64-qcow2-boot.json
View file

@ -1963,6 +1963,15 @@
}
]
}
},
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]
},

5
test/cases/fedora_32-x86_64-ami-boot.json
View file

@ -1975,7 +1975,10 @@
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]

5
test/cases/fedora_32-x86_64-fedora_iot_commit-boot.json
View file

@ -2207,7 +2207,10 @@
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]

5
test/cases/fedora_32-x86_64-openstack-boot.json
View file

@ -2046,7 +2046,10 @@
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]

5
test/cases/fedora_32-x86_64-qcow2-boot.json
View file

@ -1977,7 +1977,10 @@
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]

9
test/cases/fedora_32-x86_64-qcow2-customize.json
View file

@ -2025,6 +2025,15 @@
}
]
}
},
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]
},

5
test/cases/fedora_32-x86_64-vhd-boot.json
View file

@ -1911,7 +1911,10 @@
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]

5
test/cases/fedora_32-x86_64-vmdk-boot.json
View file

@ -1932,7 +1932,10 @@
{
"name": "org.osbuild.selinux",
"options": {
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
"file_contexts": "etc/selinux/targeted/contexts/files/file_contexts",
"labels": {
"/usr/bin/cp": "system_u:object_r:install_exec_t:s0"
}
}
}
]