Diffstat (limited to 'libfstools/mount.c')
-rw-r--r-- | libfstools/mount.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/libfstools/mount.c b/libfstools/mount.c
index 8646c19..3d4111f 100644
--- a/libfstools/mount.c
+++ b/libfstools/mount.c
@@ -86,6 +86,24 @@ pivot(char *new, char *old)
 return 0;
 }
+void
+selinux_restorecon(char *overlaydir)
+{
+ struct stat s;
+ pid_t restorecon_pid;
+ int status;
+
+ /* on non-SELinux system we don't have /sbin/restorecon, return */
+ if (stat("/sbin/restorecon", &s))
+ return;
+
+ restorecon_pid = fork();
+ if (!restorecon_pid)
+ exit(execl("/sbin/restorecon", "restorecon", overlaydir, (char *) NULL));
+ else if (restorecon_pid > 0)
+ waitpid(restorecon_pid, &status, 0);
+}
+
 /**
 * fopivot - switch to overlay using passed dir as upper one
 *
@@ -112,6 +130,13 @@ fopivot(char *rw_root, char *ro_root)
 upperdir, workdir);
 /*
+ * Initialize SELinux security label on newly created overlay
+ * filesystem where /upper doesn't yet exist
+ */
+ if (stat(upperdir, &st))
+ selinux_restorecon(rw_root);
+
+ /*
 * Overlay FS v23 and later requires both a upper and
 * a work directory, both on the same filesystem, but
 * not part of the same subtree. |
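Review bot: A failed relabel is invisible in `selinux_restorecon`: the `fork()` error case falls through both branches, and the status collected by `waitpid()` is never examined, so on an SELinux system the overlay can keep whatever label it was created with and nothing is logged. The child also wraps `execl()` in `exit()`, which runs the inherited atexit handlers and flushes inherited stdio buffers in the forked copy; calling `_exit(127)` after a failed exec avoids that. Separately, the function is non-static and shares its name with libselinux's `selinux_restorecon()`, so marking it `static` or renaming it would avoid a symbol clash if this library is ever linked against libselinux. The sketch below assumes the file's usual `ULOG_ERR` logging is in scope.

```c
selinux_restorecon(char *overlaydir)
{
	/* … unchanged: locals and the /sbin/restorecon stat() check … */

	restorecon_pid = fork();
	if (restorecon_pid < 0) {
		ULOG_ERR("fork for restorecon failed: %m\n");
		return;
	}

	if (!restorecon_pid) {
		execl("/sbin/restorecon", "restorecon", overlaydir, (char *) NULL);
		/* only reached when exec failed; skip atexit/stdio teardown */
		_exit(127);
	}

	if (waitpid(restorecon_pid, &status, 0) < 0 ||
	    !WIFEXITED(status) || WEXITSTATUS(status))
		ULOG_ERR("restorecon on %s failed\n", overlaydir);
}
```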
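Review bot: The condition `if (stat(upperdir, &st))` in fopivot treats every stat() failure as "upper not yet created", so an I/O or permission error on the overlay is read as a fresh filesystem; testing `errno == ENOENT` after the failed call would keep the two cases apart. The relabel is also one-shot: once the upper directory exists (it is presumably created further down, outside this hunk), a relabel that failed on first boot is never attempted again. A short comment stating that assumption would help, for example `/* relabel runs once, before upper is created; a failure here is not retried */`. fopivot's body starts and ends outside the hunk.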