INHERIT += "netboot"
-IMAGE_INSTALL:append:netboot = " curl"
+IMAGE_INSTALL:append:netboot = " \
+ curl \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'resolv-conf-relabel policycoreutils-loadpolicy', '', d)} \
+"
rm -f /etc/resolv.conf
grep -v bootserver /proc/net/pnp | sed 's/^domain/search/g' >/etc/resolv.conf
+# Do SELinux relabeling if required, to avoid a reboot that would complicate CI
+if [ -f /.autorelabel ]; then
+ # Nothing SELinux related works w/o the fs mounted
+ do_mount_fs selinuxfs /sys/fs/selinux
+
+ # Labeling requires the policy to be loaded
+ log_info "Loading SELinux policy"
+ /usr/sbin/load_policy
+
+ /usr/bin/selinux-autorelabel.sh
+
+ # Will get remounted by systemd startup, unmount to keep that behavior
+ # more like the non-netboot case.
+ umount /sys/fs/selinux
+fi
+
# unmount tmp and run to let systemd remount them
log_info "Unmounting /tmp and /run"
umount /tmp
--- /dev/null
+[Unit]
+Description=SELinux resolv.conf relabeling
+DefaultDependencies=no
+ConditionKernelCommandLine=ip
+ConditionKernelCommandLine=nbd.server
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/restorecon -Fi /etc/resolv.conf
+
+[Install]
+WantedBy=sysinit.target
--- /dev/null
+SUMMARY = "System unit to relabel resolve.conf"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+SRC_URI = "file://resolv-conf-relabel.service"
+
+inherit systemd allarch features_check
+
+SYSTEMD_SERVICE:${PN} = "${BPN}.service"
+
+REQUIRED_DISTRO_FEATURES = "systemd"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+ install -d ${D}${systemd_system_unitdir}
+ install -m 0644 ${WORKDIR}/resolv-conf-relabel.service ${D}${systemd_system_unitdir}/
+}
+
+FILES:${PN} += "${systemd_system_unitdir}"