projects / ostree.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 41d3dfa) | patch
repo/commit: Add support for --selinux-policy-from-base
authorColin Walters <walters@verbum.org>
Sat, 21 Mar 2020 14:48:24 +0000 (14:48 +0000)
committerColin Walters <walters@verbum.org>
Tue, 24 Mar 2020 16:34:26 +0000 (16:34 +0000)
commitb3bbbd154225e81980546b2c0b5ed98714830696
treecf95c2e08c0cc5db39e00a5fa8490a76d626e51ctree | snapshot
parent41d3dfa7b8591c9b388e160b6248aa2ce1d71bbfcommit | diff
repo/commit: Add support for --selinux-policy-from-base

The [dev-overlay](https://github.com/coreos/coreos-assembler/blob/332c6ab3b91778d904224c3c960d9cc4739d60bd/src/cmd-dev-overlay)
script shipped in coreos-assembler mostly exists to deal
with the nontrivial logic around SELinux policy.  Let's make
the use case of "commit some binaries overlaying a base tree, using
the base's selinux policy" just require a magical
`--selinux-policy-from-base` argument to `ostree commit`.

A new C API was added to implement this in the case of `--tree=ref`;
when the base directory is already checked out, we can just reuse
the existing logic that `--selinux-policy` was using.

Requires: https://github.com/ostreedev/ostree/pull/2039
apidoc/ostree-sections.txt diff | blob | history
src/libostree/libostree-devel.sym diff | blob | history
src/libostree/ostree-repo-commit.c diff | blob | history
src/libostree/ostree-repo-private.h diff | blob | history
src/libostree/ostree-repo.h diff | blob | history
src/ostree/ot-builtin-commit.c diff | blob | history
tests/kola/destructive/itest-label-selinux.sh diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.