meta-netboot: Add SELinux support
Changes:
- Add logic to init.sh to handle autorelabeling the root filesystem
if it is tagged as requiring it. In practice this should only be
required when booting images built on hosts that have xattr support,
or if relabeling is manually triggered on subsequent boots. There
was a stated goal of avoiding the reboot from the later userspace
handling of autorelabeling in CI, so this hook aims to enable that
for the non-xattr build host corner case.
- Add a resolv-conf-relabel recipe that installs a systemd unit to
relabel /etc/resolv.conf when netbooting. This is required because
the file always gets modified inside init.sh, and it does not seem
worthwhile to always do the extra policy load required to relabel it
in the initramfs. This may need to be revisited if it proves
difficult to handle denials in early booting when netbooting.
- Add the required extra packages for relabeling to IMAGE_INSTALL.
Bug-AGL: SPEC-4332
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: I26b27c1cea68a029264352bd206c160cac3d451e
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27791
Tested-by: Jenkins Job builder account
ci-image-build: Jenkins Job builder account
ci-image-boot-test: Jenkins Job builder account
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Code Review / AGL / meta-agl.git / commit