Support hardcoded user.ima to security.ima translation

Signed-off-by: Stefan Berger <[email protected]>
coreos · Apr 13, 2021 · 7a4858e · 7a4858e
1 parent 9af4e82
commit 7a4858e
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/libpriv/rpmostree-postprocess.cxx b/src/libpriv/rpmostree-postprocess.cxx
@@ -1225,7 +1225,8 @@ filter_xattrs_impl (OstreeRepo     *repo,
   /* If you have a use case for something else, file an issue */
   static const char *accepted_xattrs[] =
     { "security.capability", /* https://lwn.net/Articles/211883/ */
-      "user.pax.flags" /* https://github.com/projectatomic/rpm-ostree/issues/412 */
+      "user.pax.flags", /* https://github.com/projectatomic/rpm-ostree/issues/412 */
+      "user.ima" /* will be replaced with security.ima */
     };
   g_autoptr(GVariant) existing_xattrs = NULL;
   g_autoptr(GVariantIter) viter = NULL;
@@ -1266,7 +1267,13 @@ filter_xattrs_impl (OstreeRepo     *repo,
           const char *validkey = accepted_xattrs[i];
           const char *attrkey = g_variant_get_bytestring (key);
           if (g_str_equal (validkey, attrkey))
-            g_variant_builder_add (&builder, "(@ay@ay)", key, value);
+            {
+              if (g_str_equal (validkey, "user.ima"))
+                  g_variant_builder_add (&builder, "(@ay@ay)",
+                                         g_variant_new_bytestring ("security.ima"), value);
+              else
+                  g_variant_builder_add (&builder, "(@ay@ay)", key, value);
+            }
         }
     }