#include <sys/wait.h>
#include "ostree-core-private.h"
+#include "ostree-sepolicy-private.h"
#include "ostree-sysroot-private.h"
#include "ostree-deployment-private.h"
#include "ostree-bootloader-uboot.h"
GError **error)
{
gboolean ret = FALSE;
+ glnx_unref_object OstreeSePolicy *sepolicy = NULL;
OstreeDeploymentUnlockedState current_unlocked =
ostree_deployment_get_unlocked (deployment);
glnx_unref_object OstreeDeployment *deployment_clone =
if (!glnx_opendirat (self->sysroot_fd, deployment_path, TRUE, &deployment_dfd, error))
goto out;
+ sepolicy = ostree_sepolicy_new_at (deployment_dfd, cancellable, error);
+ if (!sepolicy)
+ goto out;
+
switch (unlocked_state)
{
case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
const char *development_ovl_upper;
const char *development_ovl_work;
- if (!glnx_mkdtempat (AT_FDCWD, development_ovldir, 0700, error))
- goto out;
+ /* Ensure that the directory is created with the same label as `/usr` */
+ { g_auto(OstreeSepolicyFsCreatecon) con = { 0, };
+
+ if (!_ostree_sepolicy_preparefscreatecon (&con, sepolicy,
+ "/usr", 0755, error))
+ goto out;
+
+ if (!glnx_mkdtempat (AT_FDCWD, development_ovldir, 0755, error))
+ goto out;
+ }
development_ovl_upper = glnx_strjoina (development_ovldir, "/upper");
if (!glnx_shutil_mkdir_p_at (AT_FDCWD, development_ovl_upper, 0755, cancellable, error))
projects / ostree.git / commitdiff