mount-copybind: add SELinux support

bind mounts don't use the SELinux label of the target, but the SELinux
label of the source.

This patch restores the SELinux context of the bind mount recursively using
restorecon.

Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>

diff --git a/meta/recipes-core/volatile-binds/files/mount-copybind b/meta/recipes-core/volatile-binds/files/mount-copybind
index e32e675308ca0669034801829f88de697ef53dd4..57a5ce5f218d600be4e314c0046232fc240f8230 100755 (executable)
--- a/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -46,6 +46,12 @@ if [ -d "$mountpoint" ]; then
         fi
 
         mount -o "bind$options" "$spec" "$mountpoint"
+        # restore the selinux context.
+        if command -v selinuxenabled > /dev/null 2>&1; then
+            if selinuxenabled; then
+                restorecon -R "$mountpoint"
+            fi
+        fi
     fi
 elif [ -f "$mountpoint" ]; then
     if [ ! -f "$spec" ]; then
@@ -53,4 +59,10 @@ elif [ -f "$mountpoint" ]; then
     fi
 
     mount -o "bind$options" "$spec" "$mountpoint"
+    # restore the selinux context.
+    if command -v selinuxenabled > /dev/null 2>&1; then
+        if selinuxenabled; then
+            restorecon -R "$mountpoint"
+        fi
+    fi
 fi