From 9e57beef30921c98a1e1e6f2110f8cedc3dbf06c Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Mon, 2 Oct 2023 11:05:31 -0400
Subject: [PATCH] repo: Add an option to label /usr/etc as /etc

This will be very useful for enabling a "transient /etc" option because we won't have to do hacks relabling in the initramfs, or forcing it on just for composefs.
---
 src/libostree/ostree-repo-commit.c | 6 +++++-
 src/libostree/ostree-repo.h | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index c269142e72..2292bec8e0 100644
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -3272,8 +3272,12 @@ get_final_xattrs (OstreeRepo *self, OstreeRepoCommitModifier *modifier, const ch
 if (modifier && modifier->sepolicy)
 {
 g_autofree char *label = NULL;
+ const char *path_for_labeling = relpath;

- if (!ostree_sepolicy_get_label (modifier->sepolicy, relpath,
+ if ((modifier->flags & OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC) > 0 && g_str_has_prefix (relpath, "/usr/etc"))
+ path_for_labeling += strlen ("/usr");
+
+ if (!ostree_sepolicy_get_label (modifier->sepolicy, path_for_labeling,
 g_file_info_get_attribute_uint32 (file_info, "unix::mode"),
 &label, cancellable, error))
 return FALSE;
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index 2dea909223..235b5bef52 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
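Review bot: The `g_str_has_prefix (relpath, "/usr/etc")` test added to get_final_xattrs in src/libostree/ostree-repo-commit.c has no path-component boundary, so a sibling such as `/usr/etc-foo` or `/usr/etcetera` also has `/usr` stripped and is looked up in the policy as `/etc-foo` or `/etcetera`. Such a file would then get whatever context the policy assigns to that root-level path instead of the one for its real location under /usr. Require the prefix to end the component, for example by adding `&& (relpath[strlen ("/usr/etc")] == '/' || relpath[strlen ("/usr/etc")] == '\0')` to the condition. The function starts and ends outside this hunk, so whether relpath can be NULL when a sepolicy is set cannot be confirmed from here.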
@@ -517,6 +517,8 @@ typedef OstreeRepoCommitFilterResult (*OstreeRepoCommitFilter) (OstreeRepo *repo
 * 2017.13
 * @OSTREE_REPO_COMMIT_MODIFIER_FLAGS_DEVINO_CANONICAL: If a devino cache hit is found, skip
 * modifier filters (non-directories only); Since: 2017.14
+ * @OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC: For SELinux and other systems, label /usr/etc as if it was /etc.
+ * modifier filters (non-directories only); Since: 2023.7
 *
 * Flags modifying commit behavior. In bare-user-only mode,
 * @OSTREE_REPO_COMMIT_MODIFIER_FLAGS_CANONICAL_PERMISSIONS and
@@ -532,6 +534,7 @@ typedef enum
 OSTREE_REPO_COMMIT_MODIFIER_FLAGS_ERROR_ON_UNLABELED = (1 << 3),
 OSTREE_REPO_COMMIT_MODIFIER_FLAGS_CONSUME = (1 << 4),
 OSTREE_REPO_COMMIT_MODIFIER_FLAGS_DEVINO_CANONICAL = (1 << 5),
+ OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC = (1 << 6),
 } OstreeRepoCommitModifierFlags;

 /**
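Review bot: The second added doc line in the first ostree-repo.h hunk, `* modifier filters (non-directories only); Since: 2023.7`, appears to be copied from the DEVINO_CANONICAL entry above it, so the generated description of the new flag ends with an unrelated sentence about modifier filters. Suggest collapsing the entry to `* @OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC: For SELinux and other systems, label /usr/etc as if it was /etc; Since: 2023.7`. Because the flag changes which security context committed files receive, the entry should also state that it only has an effect when an sepolicy is set on the modifier, which is how the ostree-repo-commit.c hunk of this patch gates it.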