Skip to content

Commit

Permalink
Merge pull request containers#290 from cgwalters/label-root
Browse files Browse the repository at this point in the history
install: Ensure we label `/` (and `/boot`)
  • Loading branch information
cgwalters authored Jan 29, 2024
2 parents 024aa19 + d515c31 commit ba8f744
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
10 changes: 10 additions & 0 deletions lib/src/install.rs
Original file line number Diff line number Diff line change
Expand Up @@ -445,6 +445,10 @@ async fn initialize_ostree_root_from_self(
let rootfs = root_setup.rootfs.as_path();
let cancellable = gio::Cancellable::NONE;

// Ensure that the physical root is labeled.
// Another implementation: https://github.com/coreos/coreos-assembler/blob/3cd3307904593b3a131b81567b13a4d0b6fe7c90/src/create_disk.sh#L295
state.lsm_label(rootfs, "/".into(), false)?;

// TODO: make configurable?
let stateroot = STATEROOT_DEFAULT;
Task::new_and_run(
Expand All @@ -453,6 +457,12 @@ async fn initialize_ostree_root_from_self(
["admin", "init-fs", "--modern", rootfs.as_str()],
)?;

// And also label /boot AKA xbootldr, if it exists
let bootdir = rootfs.join("boot");
if bootdir.try_exists()? {
state.lsm_label(&bootdir, "/boot".into(), false)?;
}

// Default to avoiding grub2-mkconfig etc., but we need to use zipl on s390x.
// TODO: Lower this logic into ostree proper.
let bootloader = if cfg!(target_arch = "s390x") {
Expand Down
3 changes: 3 additions & 0 deletions tests/kolainst/install
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,9 @@ EOF
grep -Ee '^linux /boot/ostree' /var/mnt/loader/entries/*.conf
umount /var/mnt
echo "ok install"
mount /dev/vda4 /var/mnt
ls -dZ /var/mnt |grep ':root_t:'
umount /var/mnt

# Now test install to-filesystem
# Wipe the device
Expand Down

0 comments on commit ba8f744

Please sign in to comment.