Create subvolumes in init-storage

It turns out that we cannot use `systemd-tmpfiles` to create our Btrfs subvolumes. Since the directories we are interested in, specifically `/var/log` and `/var/tmp` already exist in the rootfs image and are therefore copied into the mutable filesystem, `systemd-tmpfiles` ignores them. To avoid having to explicitly specify the SELinux context for each subvolume created on the persistent filesystem, `init-storage` now executes `setfiles` to set the appropriate labels.
2023-03-15 18:59:25 -05:00
parent 7c3738d067
commit b38f48b72f
3 changed files with 27 additions and 7 deletions
--- a/overlay/usr/libexec/init-storage
+++ b/overlay/usr/libexec/init-storage
@@ -1,6 +1,13 @@
 #!/bin/sh
 # vim: set sw=4 ts=4 sts=4 et :

+SUBVOLUMES='
+    /var
+    /var/log
+    /var/tmp
+    /etc
+'
+
 cleanup() {
    if [ -n "${tmpdir}" ] && [ "${tmpdir}" != / ]; then
        if mountpoint -q "${tmpdir}"; then
@@ -26,10 +33,11 @@ format_dev() {
    mkfs.btrfs "${dev}" || exit

    mount "${dev}" "${tmpdir}" || exit
-    btrfs subvolume create "${tmpdir}"/var || exit
-    chcon -t var_t "${tmpdir}"/var || exit
-    btrfs subvolume create "${tmpdir}"/etc || exit
-    chcon -t etc_t "${tmpdir}"/etc || exit
+    for vol in ${SUBVOLUMES}; do
+        mkdir -p "${tmpdir}${vol%/*}" || exit
+        btrfs subvolume create "${tmpdir}${vol}" || exit
+    done
+    relabel_all
    umount "${dev}" || exit
 }

@@ -39,6 +47,18 @@ has_fs() {
    [ -n "${fstype}" ]
 }

+relabel_all() {
+    selinuxtype=$(. /etc/selinux/config && echo ${SELINUXTYPE})
+    find "${tmpdir}" | \
+    setfiles \
+        -v \
+        -F \
+        -m \
+        -r "${tmpdir}" \
+        -s \
+        /etc/selinux/${selinuxtype}/contexts/files/file_contexts
+}
+
 setup_etc() {
    dev="$1"