mirror of
git://git.yoctoproject.org/meta-selinux
synced 2026-01-01 13:58:04 +00:00
91bf293772
When the read-only-rootfs feature (in IMAGE_FEATURES) is enabled, the populate-volatile.sh script runs at build time. This compensates for the fact that certain essential directories and files cannot be created at runtime, since the root filesystem is read-only. This is handled in oe-core's rootfs-postcommands.bbclass, in read_only_rootfs_hook. However, initscripts-1.0_selinux.inc appends some shell code to populate-volatile.sh considering it will be run in the target, not on the host machine. So, if one uses both read-only-rootfs and selinux (in DISTRO_FEATURES), the recursive call to restorecon is run in the host machine, since populate-volatile.sh is called in build time. This leads to errors such as: | NOTE: Executing read_only_rootfs_hook ... | DEBUG: Executing shell function read_only_rootfs_hook | /sbin/restorecon: Could not read /var/lib/AccountsService/users: Permission denied. | /sbin/restorecon: Could not read /var/lib/NetworkManager: Permission denied. | /sbin/restorecon: Could not read /var/lib/bluetooth: Permission denied. | /sbin/restorecon: Could not read /var/lib/chrony: Permission denied. As a matter of fact, this scenario is a fair reminder not to call bitbake with sudo. This change makes sure the append is only performed if the read-only-rootfs feature is not used. Signed-off-by: João Marcos Costa <joaomarcos.costa@bootlin.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
||
|---|---|---|
| .. | ||
| base-files | ||
| busybox | ||
| coreutils | ||
| dbus | ||
| eudev | ||
| glib-2.0 | ||
| initscripts | ||
| systemd | ||
| sysvinit | ||
| util-linux | ||