From a5d6a35ae1bda998f2b77cb0381156abeebd77e1 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak
Date: Thu, 25 Sep 2025 17:05:21 +0200
Subject: [PATCH] build_sysexts: Relabel sysexts too

Signed-off-by: Krzesimir Nowak
---
 build_sysext | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/build_sysext b/build_sysext
index eb8513a80f..d2777c65fd 100755
--- a/build_sysext
+++ b/build_sysext
@@ -237,9 +237,9 @@ done
 # Make squashfs generation more reproducible.
 export SOURCE_DATE_EPOCH=$(stat -c '%Y' "${BUILD_DIR}/fs-root/usr/lib/os-release")
-# Unmount in order to get rid of the overlay
+# Unmount in order to get rid of the overlay, but keep fs-root for
+# now, so we can use selinux file contexts.
 umount "${BUILD_DIR}/${FLAGS_install_root_basename}"
-umount "${BUILD_DIR}/fs-root"
 if [[ "$FLAGS_generate_pkginfo" = "${FLAGS_TRUE}" ]] ; then
 info " Creating pkginfo squashfs '${BUILD_DIR}/${SYSEXTNAME}_pkginfo.raw'"
@@ -324,6 +324,10 @@ if [[ -n "${invalid_files}" ]]; then
 die "Invalid file ownership: ${invalid_files}"
 fi
+info "Relabeling sysext contents"
+setfiles -D -E -F -r "${BUILD_DIR}/${FLAGS_install_root_basename}" -v -T 0 "${BUILD_DIR}/fs-root/usr/share/flatcar/etc/selinux/mcs/contexts/files/file_contexts" "${BUILD_DIR}/${FLAGS_install_root_basename}"
+umount "${BUILD_DIR}/fs-root"
+
 # Set up EROFS compression options based on compression type
 if [[ "${FLAGS_compression}" != "none" ]]; then
 export SYSTEMD_REPART_MKFS_OPTIONS_EROFS="-z${FLAGS_compression}"
@@ -352,7 +356,7 @@ systemd-repart \
 rm -rf "${BUILD_DIR}"/{fs-root,"${FLAGS_install_root_basename}",workdir}
-# Generate reports
+info "Generating reports"
 mkdir "${BUILD_DIR}/img-rootfs"
 systemd-dissect --read-only \
 --mount \
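Review bot: Removing `umount "${BUILD_DIR}/fs-root"` in the hunk at line 237 keeps fs-root mounted through every step up to the new unmount added after the ownership check, including the `die "Invalid file ownership: ..."` exit visible in the next hunk. Unless the script already has an exit trap that unmounts it (none is visible in this patch), an aborted build would leave the base image mounted under `${BUILD_DIR}`. Consider releasing the mount from an exit handler, and extend the comment so it says where the mount is released, e.g. `# fs-root is unmounted right after the setfiles relabel below`.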
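Review bot: The exit status of the added `setfiles` call (hunk at line 324) is not checked, so unless the script runs under `set -e` (not visible here) a failed relabel would still yield a sysext image, one whose files carry missing or stale SELinux labels. A failure is plausible if the hard-coded `.../selinux/mcs/contexts/files/file_contexts` path is absent from the mounted fs-root. Ending the line with `|| die "Failed to relabel sysext contents"` would match the `die` used just above; note that `umount "${BUILD_DIR}/fs-root"` on the following line is then skipped on that path. The pkginfo squashfs from the earlier hunk is created before this relabel, so if it is built from the same install root, confirm whether its contents need labels as well.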