build: add support for SELinux to include/image.mk
This allows the build process to prepare a squashfs filesystem for use with SELinux. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org>
This commit is contained in:
parent
1aa71833fe
commit
aee58d52ce
@ -328,4 +328,14 @@ menu "Global build settings"
|
||||
bool "Full"
|
||||
endchoice
|
||||
|
||||
config TARGET_ROOTFS_SECURITY_LABELS
|
||||
bool "Enable rootfs security labels"
|
||||
select KERNEL_SQUASHFS_XATTR
|
||||
select KERNEL_EXT4_FS_SECURITY
|
||||
select KERNEL_F2FS_FS_SECURITY
|
||||
select KERNEL_UBIFS_FS_SECURITY
|
||||
select KERNEL_JFFS2_FS_SECURITY
|
||||
select PACKAGE_refpolicy
|
||||
help
|
||||
This option enables the usage of SELinux labels
|
||||
endmenu
|
||||
|
@ -234,13 +234,30 @@ endef
|
||||
$(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S))))
|
||||
$(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))))
|
||||
|
||||
define Image/mkfs/squashfs
|
||||
define Image/mkfs/squashfs-common
|
||||
$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
|
||||
-nopad -noappend -root-owned \
|
||||
-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
|
||||
-processors 1
|
||||
endef
|
||||
|
||||
ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
|
||||
define Image/mkfs/squashfs
|
||||
echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib" \
|
||||
"$(STAGING_DIR_HOSTPKG)/sbin/setfiles -r" \
|
||||
"$(call mkfs_target_dir,$(1))" \
|
||||
"$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
|
||||
"$(call mkfs_target_dir,$(1))" > $@.fakeroot-script
|
||||
echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
|
||||
chmod +x $@.fakeroot-script
|
||||
$(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script
|
||||
endef
|
||||
else
|
||||
define Image/mkfs/squashfs
|
||||
$(call Image/mkfs/squashfs-common,$(1))
|
||||
endef
|
||||
endif
|
||||
|
||||
# $(1): board name
|
||||
# $(2): rootfs type
|
||||
# $(3): kernel image
|
||||
|
Loading…
Reference in New Issue
Block a user