From 02c3a12c0817ceec7ff9879c59485b2f56988d06 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Wed, 29 Mar 2023 18:39:40 -0500
Subject: [PATCH] Support semanage.mods

Aimee OS variants can now supply a `semange.mods` file in their configuration directories. This file contains SELinux customizations, in the format produced by `semanage export`. Variants can use this mechanism to set SELinux booleans, change user/login mappings, and other SELinux policy customization. At build time, the base `selinux.mods` file in the source directory is combined with the variant's file, if it exists, and the resultant customizations are applied in a single transaction.
---
 Makefile | 8 +++++++-
 build-rootfs.sh | 7 +++----
 semanage.mods | 15 +++++++++++++++
 3 files changed, 25 insertions(+), 5 deletions(-)
 create mode 100644 semanage.mods

diff --git a/Makefile b/Makefile
index 0842844..7889c0b 100644
--- a/Makefile
+++ b/Makefile
@@ -39,6 +39,11 @@ $(O)/.built: \
 ./build.sh
 touch $(O)/.built
 
+$(O)/semanage.mods: \
+ semanage.mods \
+ $(wildcard $(CONFIGDIR)/semanage.mods)
+ cat $^ > $@
+
 $(O)/.ready: \
 build-rootfs.sh \
 install.packages \
@@ -46,11 +51,12 @@ $(O)/.ready: \
 $(CONFIGDIR)/installonly.packages \
 $(CONFIGDIR)/busybox.symlinks \
 $(O)/linux/arch/arm64/boot/Image.gz \
+ $(O)/semanage.mods \
 $(shell find overlay -type f) \
 $(shell find $(CONFIGDIR)/overlay -type f 2>/dev/null) \
 $(O)/.host-tools \
 $(O)/.built
- ./build-rootfs.sh
+ ./build-rootfs.sh "$(O)"
 touch $(O)/.ready
 
 $(O)/squashfs.exclude: \
diff --git a/build-rootfs.sh b/build-rootfs.sh
index 655926c..c8d64ff 100755
--- a/build-rootfs.sh
+++ b/build-rootfs.sh
@@ -5,6 +5,8 @@ set -e
 . "${CONFIGDIR:=${PWD}}"/config
 
+O="${1}"
+
 mkdir -p \
 /mnt/gentoo/usr/bin \
 /mnt/gentoo/usr/lib \
@@ -97,10 +99,7 @@ fi unshare -m sh -e <
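Review bot: The new `$(O)/semanage.mods` rule (Makefile hunk `@@ -39,6 +39,11 @@`) can keep serving a stale merged file, because `$(wildcard $(CONFIGDIR)/semanage.mods)` contributes a prerequisite only when the variant file exists at parse time. If that file is deleted, or `$(O)` is reused with a `CONFIGDIR` that has none, nothing is newer than the target and the earlier variant's SELinux customizations still reach the image. Regenerating on every run and replacing the target only when its content differs, as sketched below, closes that gap and also avoids a truncated target when `cat` fails. Separately, `semanage export` output normally begins with `-D` lines that delete existing local customizations, so a variant file pasted verbatim would presumably reset what the base file set earlier in the same transaction; a comment on the rule such as `# variant file is appended after the base; "-D" lines in it discard base customizations` would make the ordering explicit.

```make
# Always re-run the merge, but only replace the target when the content
# changed, so $(O)/.ready is rebuilt exactly when the policy input changes.
$(O)/semanage.mods: FORCE
	cat semanage.mods $(wildcard $(CONFIGDIR)/semanage.mods) > $@.tmp
	if cmp -s $@.tmp $@; then rm -f $@.tmp; else mv -f $@.tmp $@; fi

# … unchanged: $(O)/.ready rule …

# Only needed if the Makefile does not already define a FORCE target.
.PHONY: FORCE
FORCE:
```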
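Review bot: `O="${1}"` in build-rootfs.sh (hunk `@@ -5,6 +5,8 @@`) accepts a missing or empty argument without complaint, since the script runs with `set -e` but nothing visible enables `set -u`. Invoked by hand without the argument, `O` is empty and any later `"${O}/…"` path would resolve from `/` on the build host rather than from the output directory; how `O` is used further down is in the next hunk, which is cut off here, so that impact is inferred. Failing fast is a one-line change: `O="${1:?usage: build-rootfs.sh OUTPUT_DIR}"`.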