init-storage: Support custom writable paths in /etc

Custom builds of Aimee OS can now specify additional paths under `/etc` that should be writable. This is accomplished by populating a file named `/etc/aimee-os/writable-etc` with a list of paths. Each line must indicate the type of file (regular file: `f`, directory: `d`) and the *relative* path under `/etc`.
2023-03-21 19:25:41 -05:00 · 2023-03-21 19:25:41 -05:00 · 7293415b40
parent 82e835e450
commit 7293415b40
2 changed files with 22 additions and 0 deletions
--- a/overlay/usr/libexec/init-storage
+++ b/overlay/usr/libexec/init-storage
@ -68,6 +68,26 @@ setup_etc() {
        cp -ca /etc/shadow "${tmpdir}"/shadow || exit
    fi
    mount -o bind "${tmpdir}"/shadow /etc/shadow || exit
+    if [ -f /etc/aimee-os/writable-etc ]; then
+        while read type path; do
+            if [ ! -e "${tmpdir}/${path}" ]; then
+                if [ -e /etc/"${path}" ]; then
+                    cp -ca /etc/"${path}" "${tmpdir}/${path}"
+                elif [ "${type}" = d ]; then
+                    mkdir -p "${tmpdir}/${path}"
+                elif [ "${type}" = f ]; then
+                    : > "${tmpdir}/${path}"
+                else
+                    printf 'Invalid path type %s for %s\n' \
+                        "${type}" \
+                        "${path}" \
+                        >&2
+                    continue
+                fi
+            fi
+            mount -o bind "${tmpdir}/${path}" /etc/"${path}"
+        done < /etc/aimee-os/writable-etc
+    fi
    umount "${tmpdir}"
 }

--- a/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
+++ b/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
@ -86,8 +86,10 @@ auth_manage_shadow(aimee_storinit_t)
 auth_relabel_shadow(aimee_storinit_t)
 gen_require(`
 	type shadow_t;
+	attribute configfile;
 ')
 allow aimee_storinit_t shadow_t:file mounton;
+allow aimee_storinit_t configfile:{file dir} mounton;

 ########################################
 #