particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

osbuild: add support to exclude_paths to setfiles()

Browse source 
This is needed because on a mounted `bootc` container `setfiles`
without excluding `/sysroot` will create many warnings like:
```
setfiles: conflicting specifications for /run/osbuild/tree/sysroot/ostree/repo/objects/00/0ef9ada2ee87792e8ba21afd65aa00d79a1253018832652b8694862fb80e84.file and /run/osbuild/tree/usr/lib/firmware/cirrus/cs35l41-dsp1-spk-prot-103c8b8f-r1.bin.xz, using system_u:object_r:lib_t:s0.
```
but simply excluding this dir fixes them.
This commit is contained in:
Michael Vogt 2024-03-19 10:51:46 +01:00 committed by Ondřej Budai
parent ba08a524a4
commit 0528ccc3f0
5 changed files with 52 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
test/mod/test_util_selinux.py
View file

@ -74,3 +74,16 @@ def test_selinux_setfiles(mocked_run, tmp_path):
["setfiles", "-F", "-r", os.fspath(tmp_path),
"/etc/selinux/thing", os.fspath(tmp_path) + "/boot"], check=True),
]
@mock.patch("subprocess.run")
def test_selinux_setfiles_exclude(mocked_run, tmp_path):
selinux.setfiles("/etc/selinux/thing", os.fspath(tmp_path), "/", exclude_paths=["/sysroot", "/other/dir"])
assert len(mocked_run.call_args_list) == 1
assert mocked_run.call_args_list == [
mock.call(
["setfiles", "-F", "-r", os.fspath(tmp_path),
"-e", "/sysroot", "-e", "/other/dir",
"/etc/selinux/thing", os.fspath(tmp_path) + "/"], check=True),
]