Skip to content

Commit

Permalink
build: set permissions for /boot
Browse files Browse the repository at this point in the history 
Restrict these files to align with standard practice, even though all
the contents are publicly available through the "boot" images in the
updates repository.

Signed-off-by: Ben Cressey <bcressey@amazon.com>
  • Loading branch information
@bcressey
bcressey committed Jun 17, 2022
1 parent ebfbe7f commit e8faa4b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions tools/rpm2img
View file
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,7 @@ EOF

# BOTTLEROCKET-BOOT-A
mkdir -p "${BOOT_MOUNT}/lost+found"
chmod -R go-rwx "${BOOT_MOUNT}"
BOOT_LABELS=$(setfiles -n -d -F -m -r "${BOOT_MOUNT}" \
"${SELINUX_FILE_CONTEXTS}" "${BOOT_MOUNT}" \
| awk -v root="${BOOT_MOUNT}" '{gsub(root"/","/"); gsub(root,"/"); print "ea_set", $1, "security.selinux", $4}')
Expand Down

0 comments on commit e8faa4b

Please sign in to comment.