Hi Thomas, On Fri, Nov 22, 2019 at 10:55:38AM +0100, Thomas Petazzoni wrote: > Signed-off-by: Thomas Petazzoni <thomas.petazz...@bootlin.com> > --- > include/image.mk | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > diff --git a/include/image.mk b/include/image.mk > index 8592c19b99..86b3edeb87 100644 > --- a/include/image.mk > +++ b/include/image.mk > @@ -239,13 +239,26 @@ endef > $(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call > Image/mkfs/jffs2/template,$(S)))) > $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call > Image/mkfs/jffs2-nand/template,$(S)))) > > -define Image/mkfs/squashfs > +define Image/mkfs/squashfs-common > $(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \ > -nopad -noappend -root-owned \ > -comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \ > -processors 1 > endef > > +ifeq ($(CONFIG_PACKAGE_refpolicy),y) > +define Image/mkfs/squashfs > + echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib > $(STAGING_DIR_HOSTPKG)/sbin/setfiles -r $(call mkfs_target_dir,$(1)) $(call > mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts > $(call mkfs_target_dir,$(1))" > $@.fakeroot-script > + echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script > + chmod +x $@.fakeroot-script > + $(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script > +endef > +else > +define Image/mkfs/squashfs > + $(call Image/mkfs/squashfs-common,$(1)) > +endef > +endif > +
I thought about introducing fakeroot in a similar way before, but for different purposes such as having setuid binaries or files owned by users other than root contained in the rootfs. Hence I believe it'd be good to always use fakeroot instead of using '-root-owned', but that's a bit more work... +1 for your work to enable SELinux in OpenWrt, I'll try to find time for some testing that. Cheers Daniel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
