AimeeOS/aimee-os
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create subvolumes in init-storage

Browse Source 
It turns out that we cannot use `systemd-tmpfiles` to create our Btrfs
subvolumes.  Since the directories we are interested in, specifically
`/var/log` and `/var/tmp` already exist in the rootfs image and are
therefore copied into the mutable filesystem, `systemd-tmpfiles` ignores
them.

To avoid having to explicitly specify the SELinux context for each
subvolume created on the persistent filesystem, `init-storage` now
executes `setfiles` to set the appropriate labels.
This commit is contained in:
Dustin
2023-03-15 18:59:25 -05:00
parent 7c3738d067
commit b38f48b72f
3 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
View File

@@ -65,9 +65,10 @@ dontaudit aimee_storinit_t mount_runtime_t:dir write;
seutil_read_config(aimee_storinit_t)
seutil_read_file_contexts(aimee_storinit_t)
seutil_read_bin_policy(aimee_storinit_t)
seutil_domtrans_setfiles(aimee_storinit_t)
kernel_rw_unlabeled_dirs(aimee_storinit_t)
kernel_relabelfrom_unlabeled_dirs(aimee_storinit_t)
kernel_manage_unlabeled_dirs(aimee_storinit_t)
auth_manage_shadow(aimee_storinit_t)
auth_relabel_shadow(aimee_storinit_t)