CaROS/meta-selinux
3
0
Fork 0
mirror of git://git.yoctoproject.org/meta-selinux synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

selinux-image: Preserve SELinux contexts in tarballs

Browse Source 
Tarball images were created without SELinux context information,
causing loss of security labels during extraction while working with
features like:ostree. This breaks SELinux policy enforcement and requires
relabeling after deployment, adding runtime overhead.

Append "--selinux" to IMAGE_CMD_TAR to include SELinux file contexts
when generating tarball images. This ensures security labels are
preserved across image creation and deployment.

Signed-off-by: Sasi Kumar Maddineni <quic_sasikuma@quicinc.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Sasi Kumar Maddineni 2025-11-27 16:21:15 +05:30 committed by Yi Zhao
parent 612f8bcbcc
commit 9a913243ff
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
classes/selinux-image.bbclass
View File

@ -26,4 +26,6 @@ python selinux_setlabels_handler() {
addhandler selinux_setlabels_handler addhandler selinux_setlabels_handler
selinux_setlabels_handler[eventmask] = "bb.event.RecipePreFinalise" selinux_setlabels_handler[eventmask] = "bb.event.RecipePreFinalise"
IMAGE_CMD_TAR:append = " --selinux"
inherit core-image inherit core-image