build: add support for SELinux to include/image.mk
This allows the build process to prepare a squashfs filesystem for use with SELinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
This commit is contained in:
parent
1aa71833fe
commit
aee58d52ce
@ -328,4 +328,14 @@ menu "Global build settings"
|
|||||||
bool "Full"
|
bool "Full"
|
||||||
endchoice
|
endchoice
|
||||||
|
|
||||||
|
config TARGET_ROOTFS_SECURITY_LABELS
|
||||||
|
bool "Enable rootfs security labels"
|
||||||
|
select KERNEL_SQUASHFS_XATTR
|
||||||
|
select KERNEL_EXT4_FS_SECURITY
|
||||||
|
select KERNEL_F2FS_FS_SECURITY
|
||||||
|
select KERNEL_UBIFS_FS_SECURITY
|
||||||
|
select KERNEL_JFFS2_FS_SECURITY
|
||||||
|
select PACKAGE_refpolicy
|
||||||
|
help
|
||||||
|
This option enables the usage of SELinux labels
|
||||||
endmenu
|
endmenu
|
||||||
|
@ -234,13 +234,30 @@ endef
|
|||||||
$(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S))))
|
$(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S))))
|
||||||
$(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))))
|
$(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))))
|
||||||
|
|
||||||
define Image/mkfs/squashfs
|
define Image/mkfs/squashfs-common
|
||||||
$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
|
$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
|
||||||
-nopad -noappend -root-owned \
|
-nopad -noappend -root-owned \
|
||||||
-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
|
-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
|
||||||
-processors 1
|
-processors 1
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
|
||||||
|
define Image/mkfs/squashfs
|
||||||
|
echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib" \
|
||||||
|
"$(STAGING_DIR_HOSTPKG)/sbin/setfiles -r" \
|
||||||
|
"$(call mkfs_target_dir,$(1))" \
|
||||||
|
"$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
|
||||||
|
"$(call mkfs_target_dir,$(1))" > $@.fakeroot-script
|
||||||
|
echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
|
||||||
|
chmod +x $@.fakeroot-script
|
||||||
|
$(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script
|
||||||
|
endef
|
||||||
|
else
|
||||||
|
define Image/mkfs/squashfs
|
||||||
|
$(call Image/mkfs/squashfs-common,$(1))
|
||||||
|
endef
|
||||||
|
endif
|
||||||
|
|
||||||
# $(1): board name
|
# $(1): board name
|
||||||
# $(2): rootfs type
|
# $(2): rootfs type
|
||||||
# $(3): kernel image
|
# $(3): kernel image
|
||||||
|
Loading…
Reference in New Issue
Block a user