From: Tobias Kaufmann <[email protected]>

Bind mounts don't use the SELinux label of the target, but the SELinux label of the source.
This patch restores the SELinux context of the bind mount recursively using restorecon. Signed-off-by: Tobias Kaufmann <[email protected]> --- Hi guys, currently mount-copybind does not support SELinux. This patchset adds the necessary functionality. The SELinux related commands are only executed, when SELinux is enabled and SELinux tools are installed. Would be great to get this merged. Questions/Suggestions are welcomed anytime. :) Kind regards Tobias .../recipes-core/volatile-binds/files/mount-copybind | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind index e32e675308..57a5ce5f21 100755 --- a/meta/recipes-core/volatile-binds/files/mount-copybind +++ b/meta/recipes-core/volatile-binds/files/mount-copybind @@ -46,6 +46,12 @@ if [ -d "$mountpoint" ]; then fi mount -o "bind$options" "$spec" "$mountpoint" + # restore the selinux context. + if command -v selinuxenabled > /dev/null 2>&1; then + if selinuxenabled; then + restorecon -R "$mountpoint" + fi + fi fi elif [ -f "$mountpoint" ]; then if [ ! -f "$spec" ]; then @@ -53,4 +59,10 @@ elif [ -f "$mountpoint" ]; then fi mount -o "bind$options" "$spec" "$mountpoint" + # restore the selinux context. + if command -v selinuxenabled > /dev/null 2>&1; then + if selinuxenabled; then + restorecon -R "$mountpoint" + fi + fi fi -- 2.33.0
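Review bot: In the first hunk (@@ -46,6 +46,12, the directory branch), the guard only checks that `selinuxenabled` is installed, but the command that is actually run is `restorecon`. The commit note says the SELinux commands run only when the tools are installed, so the guard should also test `command -v restorecon`. In addition, `restorecon -R "$mountpoint"` runs directly after `mount -o "bind$options" "$spec" "$mountpoint"` with no check in the visible lines that the mount succeeded. If the mount fails, the relabel is applied to the underlying directory instead of the bind mount. Consider running it only on success, for example `mount ... && restorecon -R "$mountpoint"` inside the guard. The comment could also say why the relabel is needed (the bind mount carries the label of the source, not of the target), as the commit message does.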
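Review bot: In the second hunk (@@ -53,4 +59,10, the `elif [ -f "$mountpoint" ]` branch), `restorecon -R "$mountpoint"` uses the recursive flag on what this branch has just established is a regular file, so `-R` has nothing to recurse into and plain `restorecon "$mountpoint"` would state the intent more clearly. The six added lines are also a verbatim copy of the block in the first hunk. Moving them into one small shell function near the top of mount-copybind and calling it from both branches would keep the SELinux check in a single place if it needs changing later.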
