From patchwork Fri Sep 22 02:22:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 30917 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 438DEE7D0BF for ; Fri, 22 Sep 2023 02:22:54 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.13329.1695349372719898006 for ; Thu, 21 Sep 2023 19:22:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=cJjPSIhE; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=76297e7a8c=yi.zhao@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.17.1.22/8.17.1.22) with ESMTP id 38M2DKLC005215; Fri, 22 Sep 2023 02:22:52 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from:to:subject:date:message-id:content-transfer-encoding :content-type:mime-version; s=PPS06212021; bh=Zsodqib8WEN+PLJ6Ol nWzPApIYZBK9gB6Qvk59sddDY=; b=cJjPSIhE31gbQRev/D9vtBJdjrVjWDjWZ3 gRvgzZ1AVMiPTZCioCnHtYMPXVEkcbkfOnUqbJwFxxaeBTHBvp4UkY1FFKcgnPt2 vHXx9LmI2W6YoCjniczHtT6FUStYpsbDeomADH5EOFgRAV6n9neQS+k6vQUnmoIy RsCe1FscZjpSrBA+JkrTVG25C8n5qmHZ0i9cBzLS7xiijtUXCNB2qbpnO8+omIe2 R9e6YFapW6KgjOirIacRVGMUJmrStp9ZVNXivEM5DCuHcpP3wXTWL12+6P1K07+a bvrMi5ibfx+dB1cT/3Z3SPbM8+N73VHPHuUtgxQfmX9BwxWBc/eA== Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2173.outbound.protection.outlook.com [104.47.59.173]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3t8tvx0b2q-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 22 Sep 2023 02:22:51 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bOFwqaXeVXMKgz4pD8R5R5hqTxCawneGRB9mGc2438RJd1mA/CYuBLL0Hb3Bk5KFpiFd3miCuYZGkoksXIBFoqcjdWTigDD/aQ/oo7rIjjKUyRBCJuex2K59LKfg4DX8RxDbQ4aaSvIBijMfGs5iFZnHO7P2xWT380eNnC/LTmFYXFY51Xz6sBhdJzMCKfA4rlcWOZWMJrt7t80Q4Re4mYRf3rbfMc4S/W7mC6U5kM7OWFInDVJNPoYEUSV78Ws8E545EJvJqPksX6Elz51Puh3lPH0661iYBsg5R5CLQUtxQFgKYbjssEOXlKURwASoJT4a2a9EsXwg0j2vcKrH6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Zsodqib8WEN+PLJ6OlnWzPApIYZBK9gB6Qvk59sddDY=; b=dstoLYHLck7RtCoIwL0F5v1UIPwWqjiz2yxOUuL2TZjBS/IEXoeEmanUbiR94B0bI1yi8QA/wnKP8FSHDvgwi0aDfPODeWfZnO9AazBtYZhpJo0pN0ANLnBuY+0ZNnwyUIomVbxTmdyuHQ+11COz1kfR7E0PbGyJ2g0WoLnLcQ88ViMkNAZgUNW2D/B+4fKTvxoZFq6VMsqbs2qOO+LQ/dm258u+PiACPc+h4wRozT2rhG6Gjfb242V1hDy7+0PNM5IyDTqgxHxx1OR+/3YeZP6LO48fva9NiRQUB1IpClV67+oVA76nKxqi6zx7IMYaCR4pDDsCL+f6b0wxL6X71Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) by SA1PR11MB6614.namprd11.prod.outlook.com (2603:10b6:806:255::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.20; Fri, 22 Sep 2023 02:22:48 +0000 Received: from CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::1ba9:4bef:c1a4:306]) by CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::1ba9:4bef:c1a4:306%2]) with mapi id 15.20.6792.026; Fri, 22 Sep 2023 02:22:48 +0000 From: Yi Zhao To: yocto@lists.yoctoproject.org, joe.macdonald@siemens.com, joe_macdonald@mentor.com Subject: [meta-selinux][PATCH 1/3] selinux-image.bbclass: refactor bbclass Date: Fri, 22 Sep 2023 10:22:34 +0800 Message-Id: <20230922022236.3578345-1-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 X-ClientProxiedBy: SI2PR01CA0028.apcprd01.prod.exchangelabs.com (2603:1096:4:192::21) To CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PR11MB4867:EE_|SA1PR11MB6614:EE_ X-MS-Office365-Filtering-Correlation-Id: 2a7515f8-5a41-498a-cff1-08dbbb12d096 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 5EteRNy9BUSeURmOm8Ka4qQFVn9rAG6FngzBy//XGpYbwxaURZd3K/HwO2bXQoGMFfuaA9t+no9h1Giu3a06RXClq3jlZ3AE31J6dTc6HkHL8YPjomtJO2SM8ov6VyN0eWvBZk4Ja/whaBNabS5+VyMNvApJtRn2+KPgJf6L4bblmDYPkHZB6zZYBwz0EivMXnns8spIzYtNsW9qUzE4pWLyvQLP4+fDytRGbMUIEFeykIJR7P3hf8hq6Q3bUrU3YGfmhtMv8qxpYlO82tIjIeGnKn6LmxZKP1OXxSrwPVUBpimogbiyWs1ll3AUB1OLEXkf+UGArhhk4SzM0L2fUe0M/2FQ63/Ezm645RSRxCPgTVUQ6P21TrQDKx1FByiYQONi+MQIL28Xg3oM9thkg3ZZC7SbgX1jLx8FpZoG5qtbO8Ql+dTr/awVjBK0d11sGO5ii2HzQuDxohn4vGxrbUCqKERDXG9tqX/3j+obQrMc/fkbpBkMAIRgfLDTx3HwKzGdh/bcDMvlo+EOFqClXtyENZutVNKh4sGVzyM0HY9gxFAd1MxEvCSBZpvfDOE4zPbqp/DrzSlzGpKSEeqQe1lNDus8WMwpa8zVHa9cXdhNHULbTn8t2IKrzwLRvqmk X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(136003)(396003)(346002)(376002)(39850400004)(186009)(1800799009)(451199024)(8936002)(66476007)(41300700001)(8676002)(66556008)(316002)(66946007)(5660300002)(44832011)(478600001)(2906002)(6666004)(6486002)(2616005)(6506007)(6512007)(52116002)(1076003)(38100700002)(83380400001)(26005)(36756003)(38350700002)(86362001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: apORdyypy1Nz9L/1Wem6Zh9Hj8VHKF+0X/Hvx9XPNbUakpKQ7CCjhmdA4J6YCv0b+5Qr4Jxi6Pc3JEGd0D+UI/oapK4ndCKoF7yLL9SLf9elmwqXb2WpRD2ZO0Gl+yAnv4pvaCeOiRSOt8KMrAOeif4qaNlezs5gmZXJN12j8SFQrdFPbdMbovxAyjVN90inIIsx4SjaE4Ex6PuZ7SV11jPv2bdzifRXGTf5DTN0zREM+1VQLlzaqH/czRTwUnOosjY7DV8XihFSwfkRGKaQWzC21l73+UDDEKI+Qngfrl19cx5Tl0aioYnpJqYZzI+YrVzk6etVd/h9rwlzVEViCIRup2GtKLYWg8WOlzVv7nok6ZGmLceDwm0zdlNyhXQeP1EQlii9BVK7pwEgMxnNw3XxWgfeCK3dh9BnL13BfVvVyGW9RHYi1TAbsL7rXBRMQN2vvgGKC3p32GqIgIGTkX3dlvJ9PqHbmPMsWXebiIlNQxNZtcV+1OMnAT7g88DjgSEKfkcPrgzkkZpuWK0N7oGhTbMOza/YxSjhXs0hruR4ac+BR1GMDbjJCGCn2J+qqV8xf10D2gjhPTr0oggmcpXW3h/Ib/vg1iq7B1Dmr7v7hCng8gJddgEWnr+6WGZ2QZ/xYzVHv0AOC/x574t1AMDaLXzEung8HGZwGqJsHNeUfWq88A/FEcKbpXZhjCwqoxgvFweX8k3cG9upj/D68o68Afi0VdQICYAFAmaRqV4zOvYP/OPMqob0vw+80OgsmTibQWUNoD10nftOBGiHBrE20F0ZoOkcUGTxm5+d9F4R5rfLW58pizKo1zg+sWLNBoxhEa0i6yzE4qYV5AMVbR0zVfHIoF/Rm8/lmfnUCkn26RUeRrfQv1cx+yViBMXdYkEdEKYEaOUAOTbhm8eNBZch3T6wtv8CVsJeU6crH0ECWfoSVFf/60Jz1GNXrGJEs9lEqWhzNvyCBxDuLw0clnBq3RR/fSgpqxZ2Y4sRdymtpg77INZsPuLTjdIKx6LaQy0X9WEkyURlMgcwV6g6IS22dSXSnF6+HY2m7jMhhXvmlSDimmePbXl09seW+iiaeu+yeVrRyZQ/nfI+12XDPG++Fs3JHmxO60jiQxNX73mRTf+JtgigahrPBUzvUfRNEQgBwzsg5TeNtPHtz49FbuuhyBIapMujt3cDfPNMfxV3nrt6yU7DSHtty6WNr2db/eU3ACOTGT1Wk0y5XCylZN0VB6LWJUtvleU7YI1kHxKN3akKa8l9yH2/GtkkulL0jF7uZGsaMhMuU5vooaelkoaD8GPQhNWDbotIrgB+voYSnSH9LkKHy3wkJ/nfIA38yjqKdtW8Tw8Swl9zuDw6CTvCqgGHOrTVHd9s9bpsKO5Dso6jx2L/Vy0/Zk93l9IOOi3poXL5zRn+/7rYAdPD5k+hCMmi+RD89aQzTfmNPqwWZxdPKutQaK1BUhy+m4VKbnM/w/mNE4fm4IYLZV0RYA1+VXXNQHVPZs2za/t/dJsRhx1C86vTQSApVnbdeKsl08y9H3rPdjKmhwbCycDI+X8DPEsV0Yq20DQJuHN15k/ak+Ma2h5vRxR1nrLuu42G X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2a7515f8-5a41-498a-cff1-08dbbb12d096 X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4867.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2023 02:22:48.8260 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: iAfvhlGd7rQHR+4BiCQWOUt8KW0nq9Wggg/CbB/d2uApEp4enxkYUgExHdoBgPW/u35JEGCun4Oyym4bDC4MRg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6614 X-Proofpoint-ORIG-GUID: Ehs2q1qZ9412cv95rseinLpAh-Jai3Rt X-Proofpoint-GUID: Ehs2q1qZ9412cv95rseinLpAh-Jai3Rt X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-09-22_01,2023-09-21_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1011 bulkscore=0 spamscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 malwarescore=0 priorityscore=1501 phishscore=0 suspectscore=0 adultscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2309180000 definitions=main-2309220020 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Sep 2023 02:22:54 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/61070 The selinux_set_labels function should run as late as possible. To guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in RecipePreFinalise event handler, this ensures it is the last function in IMAGE_PREPROCESS_COMMAND. After refactoring, system using systemd can also label selinux contexts during build. Signed-off-by: Yi Zhao --- classes/selinux-image.bbclass | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/classes/selinux-image.bbclass b/classes/selinux-image.bbclass index 23645b7..b4f9321 100644 --- a/classes/selinux-image.bbclass +++ b/classes/selinux-image.bbclass @@ -1,15 +1,29 @@ -selinux_set_labels () { - POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config) - if ! setfiles -m -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS} - then - echo WARNING: Unable to set filesystem context, setfiles / restorecon must be run on the live image. - touch ${IMAGE_ROOTFS}/.autorelabel - exit 0 +selinux_set_labels() { + if [ -f ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config ]; then + POL_TYPE=$(sed -n -e "s&^SELINUXTYPE[[:space:]]*=[[:space:]]*\([0-9A-Za-z_]\+\)&\1&p" ${IMAGE_ROOTFS}/${sysconfdir}/selinux/config) + if ! setfiles -m -r ${IMAGE_ROOTFS} ${IMAGE_ROOTFS}/${sysconfdir}/selinux/${POL_TYPE}/contexts/files/file_contexts ${IMAGE_ROOTFS} + then + bbwarn "Failed to set security contexts. Restoring security contexts will run on first boot." + echo "# first boot relabelling" > ${IMAGE_ROOTFS}/.autorelabel + fi fi } -DEPENDS += "policycoreutils-native" +# The selinux_set_labels function should run as late as possible. Append +# it to IMAGE_PREPROCESS_COMMAND in RecipePreFinalise event handler, +# this ensures it is the last function in IMAGE_PREPROCESS_COMMAND. +python selinux_setlabels_handler() { + if not d or 'selinux' not in d.getVar('DISTRO_FEATURES').split(): + return -IMAGE_PREPROCESS_COMMAND:append = " selinux_set_labels ;" + if d.getVar('FIRST_BOOT_RELABEL') == '1': + return + + d.appendVar('IMAGE_PREPROCESS_COMMAND', ' selinux_set_labels; ') + d.appendVarFlag('do_image', 'depends', ' policycoreutils-native:do_populate_sysroot') +} + +addhandler selinux_setlabels_handler +selinux_setlabels_handler[eventmask] = "bb.event.RecipePreFinalise" inherit core-image From patchwork Fri Sep 22 02:22:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 30918 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4579FE7D0C0 for ; Fri, 22 Sep 2023 02:22:54 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.13134.1695349373067948502 for ; Thu, 21 Sep 2023 19:22:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=DegLSBwv; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=76297e7a8c=yi.zhao@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.17.1.22/8.17.1.22) with ESMTP id 38M2DKLD005215; Fri, 22 Sep 2023 02:22:52 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from:to:subject:date:message-id:in-reply-to:references :content-transfer-encoding:content-type:mime-version; s= PPS06212021; bh=crbve8OcUX7mSglWF2MUoCk9/nw/4oTsXCf+rpeVFv8=; b= DegLSBwvjnsYiWVJoap1RiVYZR7W06EzaFJuj7FewFXV01kZRxaWJposrGJ6/1K1 Bbuj6xUeR+AADVFpNktjD+Npq7PO5Ke1o/HpyeLIC01yAJqq9wb2cWTE0shNbXqm ftiE7q6Wig57GYcoHCL0QYGOQDxO1XzrIAMYbSZF0SQ5E6Mfzg/9O8JrB0fJhwGI D5FPKcJaaMLh/r4lLFtjTvvwYotd7ikVbSr7tWkuMDJx7pWHmm3sPJFPFbXeiRVG WpWmpUMsIFgzkmuN2chvnstgVGi6Z9nfr9FgduDyzMMlZw3dPH3OsUwYr+Ear7Rd i3+/sr0g/cy+4cFQZDGgXw== Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2173.outbound.protection.outlook.com [104.47.59.173]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3t8tvx0b2q-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 22 Sep 2023 02:22:52 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q/zzUmvfN3M226AHrCybf6X5V/5f3WnsSmbPbl47ZyGOPzqjNzeChMd0ovwt3hrQhVVzc5AGeW5JyRJTu9m0419cQkG/EjImxaTwzD7Rg45yKqx8zzB0k0ub/nPsyCY5cTJ6+0Dfq79RvQ22hJlNq2am5zrOJQq7+mpjEX5V3pghMuPAKoGjrsVArP0iH457QUqOrXwA8ZmbYk0sZd7FtVisZMxnDa8vbwsga9zbyUd4GZ8KzyIej+E0j2/b4WoYQei1UC1dAnYPbHiYZHvz+bWZAcHJulYBzAXPeDq6OeXPQUTJEHDlloNbgo7js+Slw2JYPC4Hztub/74bnEMKHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=crbve8OcUX7mSglWF2MUoCk9/nw/4oTsXCf+rpeVFv8=; b=msnVdr8fDrdGanM6rJGQMcnEFrDd1McaQm4X4PfwTuSmhIFxTqoKjOS3pR8oGe+65cjK9ypf7V44wqputpVMw98NEGQjyP8z4deWgBDSbsDWA0dwrs2DcvUdLLxz4yOHj/zDQTgcG9hnf0K0DEki/os9LN+4AZKqIAWN1t8CGESq9kdNj8562JDMJjVNgMxlxWgC+c2XZr4t3zrgVFnfTjd/G7HKccyO4Bv/6d0vShUkEQXIFYTJC5Bz7rfhptZ2aqFksXM+ohHMGVhpKR7kH1mewPct+NkOhKlxseQpn8kJBnkx34cWkUekALks8qSHg9shPWwZ+JX6pNU7ZC9XwQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) by SA1PR11MB6614.namprd11.prod.outlook.com (2603:10b6:806:255::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.20; Fri, 22 Sep 2023 02:22:50 +0000 Received: from CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::1ba9:4bef:c1a4:306]) by CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::1ba9:4bef:c1a4:306%2]) with mapi id 15.20.6792.026; Fri, 22 Sep 2023 02:22:50 +0000 From: Yi Zhao To: yocto@lists.yoctoproject.org, joe.macdonald@siemens.com, joe_macdonald@mentor.com Subject: [meta-selinux][PATCH 2/3] selinux-autorelabel: enable labeling during build Date: Fri, 22 Sep 2023 10:22:35 +0800 Message-Id: <20230922022236.3578345-2-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230922022236.3578345-1-yi.zhao@windriver.com> References: <20230922022236.3578345-1-yi.zhao@windriver.com> X-ClientProxiedBy: SI2PR01CA0028.apcprd01.prod.exchangelabs.com (2603:1096:4:192::21) To CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PR11MB4867:EE_|SA1PR11MB6614:EE_ X-MS-Office365-Filtering-Correlation-Id: ce434e8b-e75b-48b7-66ba-08dbbb12d1be X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 32ymfqcsQQpNrVDbZ1Dqq7oPZDNsNqPiYw+XIQLcriB6SEYmL9Gi77zANJ1T+kWGd2dj3ZkuSwvcZ5Y+wD1Zpl9WVB+7T7gvfEU0u6tFxsvre05tUWUUikLvfESP0auJIMHXvxdWGgoGc0835w+ANu1uNm7siqLQVfV1vkUUBVB3YZs+naMdShKDBaxXJJ9yl9DINmyuEbXSRDecWTJIf7fBEjY+AxWWPFxEoaYJqwnf5KxpL5mqG1k8v3H8oyPJzupmXNYar6BC2oKk7AzN8nVrlBz/T/S4hzm+BOi8Jajl++PTwh+L9QYviPXdRrcoY2joZq+RxPRQAgQf4rKYGg2zFVKVTvSlu8oxiJ+klSa4AdPqV5nVm10h07tTn4W0C8CEdTCz5JYQkNisgzZmx/fKtvZ3Nt6/mo8iDysVrvRx7Zm2uolVFAV+H18KK4y1++3SiDDzZH3L/PQwRRLyd8vy6bFcLU1EMieLJBnvbvF8eTqma1D4SLKFHdV+8tlcoVEGKX1/ZLQXSSYa+R1DeFFgcygyWRGMr2LJW+zp166+Fl2fhSyl3hixjVUIwUSgjUj+iWbhUjVp6VI7hcWv3l/jmbLm4R5pHinYeA3buDx8pDoLaoPBfPNT7U/DTTPE X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(136003)(396003)(346002)(376002)(39850400004)(186009)(1800799009)(451199024)(8936002)(66476007)(41300700001)(8676002)(66556008)(316002)(66946007)(5660300002)(44832011)(478600001)(2906002)(6666004)(6486002)(2616005)(6506007)(6512007)(52116002)(1076003)(38100700002)(83380400001)(26005)(36756003)(38350700002)(86362001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ipdas8PvYA7pUrY/Krf4mJ7JazHXRcR7liiw02ZWdEjCdQm+mUW36hyth5eWOKjuW1iQ8Kcq51zUyU0otHOnRXrueyBOvE5ljMyzWuGJbDtqGS6ldMFVUzFL+U2JvigUbXOixQBKf+/OcI+4+ucT5ik+sAAgy9e8iRMS0GFMNCvSgesdKZQDZakUOEBe8urBvt2IbpN3imJJqTcti6R/kahemEDDQXTphtCCFE8EnLILxHnjusdaoIvtjzJlSYXOzLnQi4Z0sRod6Ca5NtEe+zOLpDsdI217pbi9vNH5W2Wi7IBvcfEdBE5HiLrsJfjlhzjRjPLbGUAunxqGsJkHWIBQL+gaDf6GCnNfJ7dfPivaN1RmRXPCaFd5QmfH6w78smorSxnCZ4M5ttpmyNiAYHGpvY14lpbL0VI0+kxTniZOub79oVvOETNZE0OCqmipzby42L7nWDym/n3mp6CUC/BmoAOi6IjYp1NBDWrCiQHYEJqKENwlpL3u4w8Cltzd8CbmU/jmY2CYBnxDhYfP0REPDpJT9MAenDpiEVoYQ4sbKkDHLUvd8+Qevx0NIe4XYiVeXU+HgqAc9DBcX8gBieS4sAglLYzgSx7xoB6SwfPLu/4JKaIwBsy9WQ/Q5JB1pgbtdoltR314pJltlgyll+9UBrTYHbVjj3ry304A6u3d5FpBZbv1EuANR60oUszXRVth9miOIduZdHNAEjHu2F1J4CWeEHvWXji2b8hfJHKJEONCAaoknXU65IzxokuCwOdL24TxoI9Cj4CIvBDCUicYW8FdqYEAAICrnU/jcf2EB1rf4/vqHUUemvIc+8CdBzZoYxkQOVaDHsdCVagEl47whYYvxTSfYYz9LjzrwgMQPlligeoLYIz6fQESE26dvH/jqiYh2kGawgYD7EamCdj/5vqt8l7pbg/PI4btjQzfP+ELCmg+DVk7PnpejZmvhtUKJVWVgErGI2dUSZmGKTsojtnRwsJnX0ZEvp5K44Aerwqx2/o9g7OnusK2CokDwQj3wiqNxAKI7wFo8lP3xr8HPtPHUf1nyUJb5vrpsnMgU5JSWERzfuhUoH89pNYQojAL9jalJhBxbpbBDLrn2tgVU6Vus3gCHdgxOUfQenIQ3euO/riT6mMiZ8nJi2sqCG8pswqk5huX+UrIoBxhkJ3hUlAIgajTfvmhOYkB8xT8NiZIMg3YcnN7nQ/pLKhNC2U9rlQZ3fVdkPvET8OOHVUQ3Wt98zpIKnLKkuweHA8W7bXu2TmvhIdVk38MwGFTmlynbHB0XJKAF2QZYAiBrQWPzk1xlzPXZUgDEbRaWq4yd2s+wK1EEwI3PUgYZyF1ZrNW9DnJzjgLOHSX7HLYUG/Ygu1YuPwrvxleE54cMvCmW5NDDqHUv+aPMbqJ8S2aH47J0n5UwIFGp568w4rwLUHba8YMN47FV8y9CQxnKu6QYyhSlqkqoKuhtut2InVGb2KC9e64AU85c+o07uJXDNNLQZKfYuXPbqYkaQZbmFQhHBNwO2kOH0sXy7D6whjmn8rP7846g8YMWq4jMkDzWvgeb1G/fR1WSkBiNcMqMG6WC0Kq0WJF7WaYr7R4xUd+ X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce434e8b-e75b-48b7-66ba-08dbbb12d1be X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4867.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2023 02:22:50.8569 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kPQ/wXDEVak/cVmfs5cUclLPsjQE89HVbotMmzkSC83JT1Ad/Amf8dVM63bqHl0R29MAfVQPGyfmoZxwhyWtiw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6614 X-Proofpoint-ORIG-GUID: J2uPO4Yq_fALBo3thj2w--E8uyzUT6wu X-Proofpoint-GUID: J2uPO4Yq_fALBo3thj2w--E8uyzUT6wu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-09-22_01,2023-09-21_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 bulkscore=0 spamscore=0 mlxscore=0 impostorscore=0 mlxlogscore=687 malwarescore=0 priorityscore=1501 phishscore=0 suspectscore=0 adultscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2309180000 definitions=main-2309220020 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Sep 2023 02:22:54 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/61071 Previously, system using systemd would label selinux contexts on first boot. While system using sysvinit would label during build. Add a variable FIRST_BOOT_RELABEL as a switch to control labeling to make the behavior of sysvinit and systemd consistent. Set FIRST_BOOT_RELABEL to 1 in local.conf to enable labeling on first boot. Signed-off-by: Yi Zhao --- recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb b/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb index a919445..9fd066c 100644 --- a/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb +++ b/recipes-security/selinux-scripts/selinux-autorelabel_0.1.bb @@ -20,7 +20,7 @@ INITSCRIPT_PARAMS = "start 01 S ." require selinux-initsh.inc do_install:append() { - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - echo "# first boot relabelling" > ${D}/.autorelabel - fi + if ${@bb.utils.contains('FIRST_BOOT_RELABEL', '1', 'true', 'false', d)}; then + echo "# first boot relabelling" > ${D}/.autorelabel + fi } From patchwork Fri Sep 22 02:22:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 30919 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DCE0E7D0C0 for ; Fri, 22 Sep 2023 02:23:04 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.13136.1695349375176317429 for ; Thu, 21 Sep 2023 19:22:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=rZ7wH+Eo; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=76297e7a8c=yi.zhao@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.17.1.22/8.17.1.22) with ESMTP id 38M0SXnW017701; Fri, 22 Sep 2023 02:22:54 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=from:to:subject:date:message-id:in-reply-to:references :content-transfer-encoding:content-type:mime-version; s= PPS06212021; bh=3mLCp8cvW8hEFHJZ/iggLDn3Ao4lJjnq+aAwTsPtwyY=; b= rZ7wH+EohLz33ZJWhvu0I/YxUqHfNDz9F6saYOtSRmKHwjyrlvZXgQL9CG15Wodp mrDsCnCL38KxdLs123txZvCGsqiTpByreIj0nasgqdHjZC+pgTqOhux/SDTk8QWh eHYlF2EOdBvRniTo9nxLzwM9WiNvjlXU3scpbIFy+xF8QckenxLjiKqxa43H+tWs rFJstwA1pN4BpM8Jf1xjHYI84j/NORIva7HhE6sur1hvszhSQIB8b6wMhQuCtziH u+ExRFFghearldR8AZxYOUjW5C566BgGAOuPnNmp7wOxSx6s0iTRxQp8eEDBbsgj Mumoxy92Kfo5eKFLzEHoOg== Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2176.outbound.protection.outlook.com [104.47.59.176]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 3t8tvxrb77-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 22 Sep 2023 02:22:54 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OJL8xPN20nbjxosZrIJsNsKKxcPtHPlue4KIYmV2vcoaXKPEzPNHp6HGaQrS8ICWGBalISNl1IDWuzG0Yx5eB+rzDy5N57eV2lrAXLMMa7vPEKhZwr+VLYgfWFROJTeYXEgpxQ/lmO6nzNQtu13Eruy1LThXXhhAG88aivznAc9oyW8lKud9vUvJxMVpJhOb6qyodRINvdORdBqTeObqsiPjXxIupxxcOH/SPZ1UNdBgpd4LvNpcjpFdFUpgEtEbltNH3Y5cj9F8gq0UXxmJWn8jq6j4p2yzqDPnHp49baqjmP2aSMwjIeUjR0Md6PCEpaWRL8swIZLCGcNEN5dMSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3mLCp8cvW8hEFHJZ/iggLDn3Ao4lJjnq+aAwTsPtwyY=; b=NeClIZ5Js3Vx56wvlbn3PaWX2I8PxzrvY3NE8Zhl0fY44qVpMg2hEoYBlxpH4YiUcdWxYjmocP/dEMTw+KpwU/lL7CvRa3SkMbND1+dc7bmo7/hyHJiDn03H0BzgNf/5XGgN5ffvyZA9RIXfpyjGuqCVE2BvfDzvBBE8JM3Nx+ycTiWo0JK3KQpTQKyR3tzj2N+PRKcXklzoj5d6vZ9/9YS8Z/qwXiIT88H6+0DzkSHbZ22jtuZqUsK0HWoMTsJsc09B7LWUpWKMc5+SidWI3EJsD2KR3y5lH7fwmWvvVaTZiK7hUbfoxH8zeBaiGyCqsjf1p/uMuhb3MB4k5PDF2Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) by SA1PR11MB6614.namprd11.prod.outlook.com (2603:10b6:806:255::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6813.20; Fri, 22 Sep 2023 02:22:52 +0000 Received: from CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::1ba9:4bef:c1a4:306]) by CO1PR11MB4867.namprd11.prod.outlook.com ([fe80::1ba9:4bef:c1a4:306%2]) with mapi id 15.20.6792.026; Fri, 22 Sep 2023 02:22:52 +0000 From: Yi Zhao To: yocto@lists.yoctoproject.org, joe.macdonald@siemens.com, joe_macdonald@mentor.com Subject: [meta-selinux][PATCH 3/3] README: update Date: Fri, 22 Sep 2023 10:22:36 +0800 Message-Id: <20230922022236.3578345-3-yi.zhao@windriver.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230922022236.3578345-1-yi.zhao@windriver.com> References: <20230922022236.3578345-1-yi.zhao@windriver.com> X-ClientProxiedBy: SI2PR01CA0028.apcprd01.prod.exchangelabs.com (2603:1096:4:192::21) To CO1PR11MB4867.namprd11.prod.outlook.com (2603:10b6:303:9a::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CO1PR11MB4867:EE_|SA1PR11MB6614:EE_ X-MS-Office365-Filtering-Correlation-Id: bc07b988-77ea-4941-20ea-08dbbb12d2ed X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 1Ffz/m29PdVjhMImJIXo78KNHXACdsd3wp5nES2dIyLjm1SENJG2nZrJ7AOT4YI2AgFZbUxO0gH1YHadUfMRyMVdrQP0YQbydwrCMzdIjpMCHRSVZDsAwngkEpQver197TyNEu1EYcBszt0HOPCMmOxfiQlH83VjYtyfbNLs/5+W2EfSwRGibszpflYuTKdXYv1fZdJhyIDRUlorbglkoqMJUQBUAyG/UJ9AxWVYVd4EeLojfZJOZFJ5HL5GG7P0vBhi2BmuJh2MPyx863bj3vLk71XmkIvmy14auyYZiQ6nar9JtHNq9UVrFWrP7Xg4mP7Bw53WWCjJt047ayFtdoY//SMjCVSEzB1DsutXr0c2jscbhurmI7KfsUSx/tfkgmaJZ7Vy9MZOHOL/mjQzKCAUJRsgGGpFe2w0Wd6LAtNmJFxQB5pch6zRPa29483+b/GoNmU8QLD3EKTeXCazVD4QmPqR09QtH6fHWBIhatySu1/H0/imZkNrlmQTj0YAuNLcw0smS85Ja4v5im9LuKsmGiidiJ+/nRRFeU293exZYVTUteMAXQ009ET0VPFKL/5ep+9bV79a4UAi95iqr2yzbqY2ZC9VM8FYeykaXg2JZPAYmQ8yxwmmG30Vmayj X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4867.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(136003)(396003)(346002)(376002)(39850400004)(186009)(1800799009)(451199024)(8936002)(66476007)(41300700001)(8676002)(66556008)(316002)(66946007)(5660300002)(44832011)(478600001)(4744005)(2906002)(6666004)(6486002)(2616005)(6506007)(6512007)(52116002)(1076003)(38100700002)(26005)(36756003)(38350700002)(86362001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: TN7xw19bLqcK80Ws3x/6VJXDiZ9ixZQYr2zw23PfBGJtkq/YcriAdEoppufQqgrKkk7Vnskfgy/HBEvXhLd5FW/MEHDkDrCW4lyBzNHd9IhaW+uUyDDxEXl6oBQmZzgxB6mE0XTGHEOwvc3PnZMVUDJnfoC6RHaklFWtcVpvHPpZnsRWsH8GOTh1N+F3FfuH27xn4xYH69HrVikDEvsyihYsRIk5Ujp30t0hYdZ6bRQXzwsigR+c1swrODId07+tcqHlH8LxG6mb6FS5qKW8l6kn6t0GgDwBEv4SHzaAxVVlpWJRr2LKqwIjWLgPcjVAGXqSFTqiU316DXB7prjt5RlQCxcymJDbBu5VCPdCLdfKmTIMLG+4zzWUlA0wu+pigv7HzknZVrC96M4ORV3CQMUFeh93uMpu5uIfVDKBQ3ATeK2SG3zm6ogGO4aKDZ1VhFF9HUcrB4EybV8sJr8duygTTG34HgzbWJ4tSBK+i0UzW/zr8dE/FhzwVB+zGdUov0sbVJz9EMy8EBnpEB6GiyvKXuOp5uJDTAcbjdXyR+Q234zUAuO9EYwBCiasClOmLpVPrT0BBM2jit27GrbYDve7hdeblLUhRJGW74upyUxZqJYSIAGNIdlSkT1AJGdnHJm0xULeSDmSDCztr5ceCMFK9NF2uQGhecC/dxoxZ44Thi1au6QC/AuxrG0Y+Iuu/HjZPpYOqPLzMtFWA1B1ejHji/xCMi0W7tDmHoqNt9GhMZoL31VijwI4OdmwwkzLRrgNWtAzDZJLmCslduJk82voPUQZWaZblNLf1nwehcusG7ewjuOrGfQIolaulmc/wUr7MoIa66G5+x00fPb/wQI6nu8uqNdYeDasa09Kd/2sPP2tLrk6C5XENXnwSmT0Z/JD8AGhNcQGViVEvJzQGbWINzalPIxipwGjHPb/8THeEkdGPxv60mavgmv2p8D5G6IPK2RwMg0xkHI/29fV3a0gaIXXrb51ydwwEBHQ2HGR7ODaH1J/y3/rOExUSniTGiNK0x12sPWUS5BqgeAFGQsgpwhpctjKMEnU7hksA4IsgW56ItnGT55WB+l1cW5QSWLpnb1ayMfCh+ErNYHISmsIpKNYv6OmprQSqrChXv+s/PL5Hnx6nC329tf0IbkovzsB+395vx3oohZtK0GDO8s8OgUGOWf4KQ6J2hAzJuPxOPsiekV1hI3wceOXRH+8hCH6i8t0iLDT6V3UewkD/ghf/L80wgH1PWCZnsUzFpiApffQ/06QnBGZmO/c4ORzWgzfL9IqA121YLcMRd04+OcP9f0z4s95P2FQztCCkdhuuo/k1HBjtpM9qMxmYhVqPsmG2rfyJtgzpLJ3IUGQRTMvbaw7VW7Nj/jr2Pfd5rOR3PgkLkgW1UgveiBXi0vjGd/BPt11Lx2dhEEV2rwkQmUvYNyZDqu5eYtiaxnxjj4OyN6yYWWZjwt6xLYGDJFadGOhR90FFZWnxdd50tZ8RbglGgxLNFfOxirW9DA8rFWo4D+FQUzB6Bems0b3A/IDZuTADBufMaPUhR/r37v9dwG4uaZaRClR2W4Cdfbg8JPZ4m7WSzLEBHY9BvZJZHVf X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: bc07b988-77ea-4941-20ea-08dbbb12d2ed X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4867.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2023 02:22:52.8452 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kYYXv3p9oTtz2PZMrqAgEsTv/j1Xh4xF9PcYaAnqkOBdR+WpDhUD3en1R/wxS1l2E7hb9BsKowcNy8IIgWMH1A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6614 X-Proofpoint-GUID: HtpuhZe93bwK6t12oduiF6ILpF4erz8o X-Proofpoint-ORIG-GUID: HtpuhZe93bwK6t12oduiF6ILpF4erz8o X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-09-22_01,2023-09-21_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 mlxlogscore=826 clxscore=1015 mlxscore=0 suspectscore=0 impostorscore=0 spamscore=0 priorityscore=1501 adultscore=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2309180000 definitions=main-2309220020 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 22 Sep 2023 02:23:04 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/61072 Add how to enable labeling on first boot. Signed-off-by: Yi Zhao --- README | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README b/README index 77b6253..67708f7 100644 --- a/README +++ b/README @@ -75,6 +75,14 @@ VIRTUAL-RUNTIME_init_manager = "systemd" DISTRO_FEATURES_BACKFILL_CONSIDERED = "" +Enable labeling on first boot +---------------------------- +By default, the system will label selinux contexts during build. To enable +labeling on first boot. Set FIRST_BOOT_RELABEL to 1 in local.conf: + +FIRST_BOOT_RELABEL = "1" + + Starting up the system ---------------------- Most likely the reference policy selected will not just work "out of the box".