stages/selinux: add an selinux stage

This stage labels the target tree based on an SELinux policy already installed in the target. Signed-off-by: Tom Gundersen <teg@jklm.no>
2019-06-21 13:36:49 +02:00 · 2019-06-21 13:36:49 +02:00 · 63a4f795dc
commit 63a4f795dc
parent 73629185c0
3 changed files with 41 additions and 1 deletions
--- a/samples/base-with-selinux.json
+++ b/samples/base-with-selinux.json
@ -0,0 +1,23 @@
+{
+  "name": "base-with-selinux",
+  "stages": [
+    {
+      "name": "io.weldr.untree",
+      "options": {
+        "tree": "base"
+      }
+    },
+    {
+      "name": "io.weldr.selinux",
+      "options": {
+        "file_contexts": "etc/selinux/targeted/contexts/files/file_contexts"
+      }
+    }
+  ],
+  "assembler": {
+    "name": "io.weldr.tree",
+    "options": {
+      "tree": "base-with-selinux"
+    }
+  }
+}
--- a/samples/base.json
+++ b/samples/base.json
@ -14,7 +14,8 @@
          }
        },
        "packages": [
-          "@Core"
+          "@Core",
+          "selinux-policy-targeted"
        ]
      }
    }
--- a/stages/io.weldr.selinux
+++ b/stages/io.weldr.selinux
@ -0,0 +1,16 @@
+#!/usr/bin/python3
+
+import json
+import os
+import subprocess
+import sys
+
+def main(tree, options):
+    file_contexts = os.path.join(f"{tree}", options["file_contexts"])
+
+    subprocess.run(["setfiles", "-F", "-r", f"{tree}", f"{file_contexts}", f"{tree}"], check=True)
+
+if __name__ == '__main__':
+    args = json.load(sys.stdin)
+    r = main(args["tree"], args["options"])
+    sys.exit(r)