summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorTobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>2021-09-09 10:05:04 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-10-11 18:41:02 +0100
commit6f3e231dc9bc11772573bf9683de9804460362d1 (patch)
tree2998d09973334331943ebddb69942f5de7fadbe9 /meta/recipes-core
parentda489ef6e36711cb40d26f64f292fb92a0073f4a (diff)
downloadopenembedded-core-6f3e231dc9bc11772573bf9683de9804460362d1.tar.gz
mount-copybind: add SELinux support
bind mounts don't use the SELinux label of the target, but the SELinux label of the source. This patch restores the SELinux context of the bind mount recursively using restorecon. Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Diffstat (limited to 'meta/recipes-core')
-rwxr-xr-xmeta/recipes-core/volatile-binds/files/mount-copybind12
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
index e32e675308..57a5ce5f21 100755
--- a/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -46,6 +46,12 @@ if [ -d "$mountpoint" ]; then
fi
mount -o "bind$options" "$spec" "$mountpoint"
+ # restore the selinux context.
+ if command -v selinuxenabled > /dev/null 2>&1; then
+ if selinuxenabled; then
+ restorecon -R "$mountpoint"
+ fi
+ fi
fi
elif [ -f "$mountpoint" ]; then
if [ ! -f "$spec" ]; then
@@ -53,4 +59,10 @@ elif [ -f "$mountpoint" ]; then
fi
mount -o "bind$options" "$spec" "$mountpoint"
+ # restore the selinux context.
+ if command -v selinuxenabled > /dev/null 2>&1; then
+ if selinuxenabled; then
+ restorecon -R "$mountpoint"
+ fi
+ fi
fi