diff --git a/lib/src/install.rs b/lib/src/install.rs
index b53b1432..67f1cf04 100644
--- a/lib/src/install.rs
+++ b/lib/src/install.rs
@@ -185,6 +185,21 @@ pub(crate) struct State {
 pub(crate) install_config: config::InstallConfiguration,
 }
+impl State {
+ // Wraps core lsm labeling functionality, conditionalizing based on source state
+ pub(crate) fn lsm_label(
+ &self,
+ target: &Utf8Path,
+ as_path: &Utf8Path,
+ recurse: bool,
+ ) -> Result<()> {
+ if !self.source.selinux {
+ return Ok(());
+ }
+ crate::lsm::lsm_label(target, as_path, recurse)
+ }
+}
+
 /// Path to initially deployed version information
 const BOOTC_ALEPH_PATH: &str = ".bootc-aleph.json";
@@ -438,7 +453,7 @@ async fn initialize_ostree_root_from_self(
 .run()?;
 // Ensure everything in the ostree repo is labeled
- lsm_label(&rootfs.join("ostree"), "/usr".into(), true)?;
+ state.lsm_label(&rootfs.join("ostree"), "/usr".into(), true)?;
 let sysroot = ostree::Sysroot::new(Some(&gio::File::for_path(rootfs)));
 sysroot.load(cancellable)?;
diff --git a/lib/src/install/baseline.rs b/lib/src/install/baseline.rs
index cc547f9f..f86c58f1 100644
--- a/lib/src/install/baseline.rs
+++ b/lib/src/install/baseline.rs
@@ -346,15 +346,15 @@ pub(crate) fn install_create_rootfs(
 .collect::>();
 mount::mount(&rootdev, &rootfs)?;
- lsm_label(&rootfs, "/".into(), false)?;
+ state.lsm_label(&rootfs, "/".into(), false)?;
 let rootfs_fd = Dir::open_ambient_dir(&rootfs, cap_std::ambient_authority())?;
 let bootfs = rootfs.join("boot");
 std::fs::create_dir(&bootfs).context("Creating /boot")?;
 // The underlying directory on the root should be labeled
- lsm_label(&bootfs, "/boot".into(), false)?;
+ state.lsm_label(&bootfs, "/boot".into(), false)?;
 mount::mount(bootdev, &bootfs)?;
 // And we want to label the root mount of /boot
- lsm_label(&bootfs, "/boot".into(), false)?;
+ state.lsm_label(&bootfs, "/boot".into(), false)?;
 // Create the EFI system partition, if applicable
 if let Some(espdev) = espdev {
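Review bot: In the first hunk of lib/src/install.rs, `State::lsm_label` returns `Ok(())` without labeling anything whenever `self.source.selinux` is false, and neither the `//` comment nor the code records that a security-relevant step was skipped. I would make the comment a doc comment that states the no-op case, for example `/// Labels target as as_path; does nothing and returns Ok(()) when self.source.selinux is false.`, and emit a debug-level message on the early return if the crate has a logging facility in scope. The method also shares its name with the free function `crate::lsm::lsm_label`, so any call site that still uses the free function bypasses this gate. The four call sites in the later hunks are converted, but others outside this diff cannot be checked from here. It is also worth confirming that `source.selinux` describes the policy that will be enforced on the installed target, since files left unlabeled on a target that does enforce SELinux would be mislabeled at first boot.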