SELinux tomfoolery

src/creator.rs

@@ -1,4 +1,5 @@
 use color_eyre::{eyre::eyre, Help, Result};
+use tracing_subscriber::field::debug;
 use std::{
 	fs,
 	io::Write,
@@ -14,7 +15,7 @@ use crate::{
 
 const DEFAULT_DNF: &str = "dnf5";
 const DEFAULT_BOOTLOADER: &str = "limine";
-const UBOOT_DATA: &str = "/usr/share/uboot";
+// const UBOOT_DATA: &str = "/usr/share/uboot";
 
 #[derive(Debug, Clone)]
 pub struct ImageLayout {
@@ -42,6 +43,42 @@ pub trait ImageCreator {
 		Ok(())
 	}
 
+	fn genfstab(&self) -> Result<()> {
+		let cfg = self.get_cfg();
+		let root = cfg.instroot.canonicalize().expect("Cannot canonicalize instroot.");
+		let root = root.to_str().unwrap();
+		let out = format!("{}/etc/fstab", root);
+		// list mounts in $root
+		let mounts = cmd_lib::run_fun!(findmnt -n -o UUID,TARGET,FSTYPE,OPTIONS --real --raw --noheadings --notruncate --output-all --target $root)?;
+
+		// convert to fstab format
+		let mut mounts = mounts
+			.lines()
+			.map(|x| {
+				let mut x = x.split_whitespace();
+				let uuid = x.next().unwrap();
+				let target = x.next().unwrap();
+				let fstype = x.next().unwrap();
+				let options = x.next().unwrap();
+				format!(
+					"UUID={uuid}\t{target}\t{fstype}\t{options}\t0\t0",
+					uuid = uuid,
+					target = target,
+					fstype = fstype,
+					options = options
+				)
+			})
+			.collect::<Vec<String>>()
+			.join("\n");
+		mounts.push('\n');
+
+
+		debug!(?mounts, "Mounts");
+		let mut f = std::fs::File::create(out)?;
+		f.write_all(mounts.as_bytes())?;
+		Ok(())
+	}
+
 	fn dracut(&self) -> Result<()> {
 		// self.fstab()?;
 		let cfg = self.get_cfg();
@@ -176,6 +213,7 @@ pub trait ImageCreator {
 		// self.dracut()?;
 		self.rootpw()?;
 		self.postinst_script()?;
+		self.genfstab()?;
 
 		// self.squashfs()?;
 		// self.liveos()?;
@@ -322,15 +360,17 @@ pub trait ImageCreator {
 		debug!(?script, ?dest, "Copying postinst script");
 		std::fs::copy(script, &dest)?;
 		// debug!("Mounting /dev, /proc, /sys");
-		// prepare_chroot(rootname)?;
+		prepare_chroot(rootname)?;
 		info!(?script, "Running postinst script");
 		// TODO: use unshare
-		run!(~"unshare","-R", &rootname, &*format!("/{name}"))
-			.map_err(|e| e.wrap_err("postinst script failed"))?;
+		run!(~"unshare","-R", &rootname, &*format!("/{name}")).map_err(|e| {
+			unmount_chroot(rootname).unwrap();
+			e.wrap_err("postinst script failed")
+		})?;
 		debug!(?dest, "Removing postinst script");
 		std::fs::remove_file(dest)?;
 		// debug!("Unmounting /dev, /proc, /sys");
-		// unmount_chroot(rootname)?;
+		unmount_chroot(rootname)?;
 		Ok(())
 	}
 
@@ -396,7 +436,7 @@ pub trait ImageCreator {
 			info!(out_file, "Creating disk file");
 
 			cmd_lib::run_cmd!(
-				fallocate -l $disk_size $out_file;
+				truncate -s $disk_size $out_file;
 			)?;
 
 			// Mount disk image to loop device, and return the loop device name
@@ -577,7 +617,8 @@ pub trait ImageCreator {
 		cmd_lib::run_cmd!(
 			$dnf in -y --releasever=$rel $[extra_args] --installroot $root $[pkgs];
 			$dnf clean all;
-		).unwrap_or_else(|e| {
+		)
+		.unwrap_or_else(|e| {
 			error!(?e, "Failed to install packages");
 			unmount_chroot(root).unwrap_or_else(|e| {
 				error!(?e, "Failed to unmount chroot");

tests/init.sh

@@ -1,5 +1,8 @@
 #!/bin/bash -x
 set -x
+
+sudo semanage permissive -a setfiles_mac_t || true
+
 echo "Initializing chroot and repos"
 
 mkdir -p ./etc/yum.repos.d ./etc/dnf

tests/katsudon-arm.yaml

@@ -2,7 +2,7 @@ dnf: dnf
 distro: Ultramarine-ARM
 instroot: instroot-arm/
 # this is the name of the iso
-out: out
+out: out2
 volid: ULTRAMARINE
 arch: aarch64
 format: disk
@@ -50,8 +50,8 @@ packages:
 
 disk:
   bootloader: true
-  root_format: xfs
-  disk_size: 6G
+  root_format: btrfs
+  disk_size: 8G
 
 sys:
   releasever: 38

tests/postinst.sh

@@ -32,7 +32,8 @@ rm -f /var/lib/rpm/__db*
 
 echo "Fixing SELinux labels"
 
-# fixfiles -vRa restore
+setfiles -v -F -e /proc -e /sys -e /dev -e /bin /etc/selinux/targeted/contexts/files/file_contexts /
+setfiles -v -F -e /proc -e /sys -e /dev -e /etc/selinux/targeted/contexts/files/file_contexts.bin /bin
 
 # todo: move this out of postinst
 grub2-mkconfig > /boot/grub2/grub.cfg