distro/f32: manually relabel cp in buildroot with install_t

By labeling `cp` with `system_u:object_r:install_exec_t:s0` we allow it to copy labels unknown to the host. See also corresponding commit in osbuild: e80130a830
2020-06-29 10:59:33 +02:00 · 2020-06-29 10:59:33 +02:00 · 3fc03503a5
commit 3fc03503a5
parent f8f35016d6
11 changed files with 69 additions and 7 deletions
--- a/internal/distro/fedora32/distro.go
+++ b/internal/distro/fedora32/distro.go
@ -298,7 +298,15 @@ func (t *imageType) pipeline(c *blueprint.Customizations, options distro.ImageOp
 func (t *imageType) buildPipeline(repos []rpmmd.RepoConfig, arch architecture, buildPackageSpecs []rpmmd.PackageSpec) *osbuild.Pipeline {
 	p := &osbuild.Pipeline{}
 	p.AddStage(osbuild.NewRPMStage(t.rpmStageOptions(arch, repos, buildPackageSpecs)))
-	p.AddStage(osbuild.NewSELinuxStage(t.selinuxStageOptions()))
+
+	selinuxOptions := osbuild.SELinuxStageOptions{
+		FileContexts: "etc/selinux/targeted/contexts/files/file_contexts",
+		Labels: map[string]string{
+			"/usr/bin/cp": "system_u:object_r:install_exec_t:s0",
+		},
+	}
+
+	p.AddStage(osbuild.NewSELinuxStage(&selinuxOptions))
 	return p
 }