bool "Full"
endchoice
+ config TARGET_ROOTFS_SECURITY_LABELS
+ bool "Enable rootfs security labels"
+ select KERNEL_SQUASHFS_XATTR
+ select KERNEL_EXT4_FS_SECURITY
+ select KERNEL_F2FS_FS_SECURITY
+ select KERNEL_UBIFS_FS_SECURITY
+ select KERNEL_JFFS2_FS_SECURITY
+ select PACKAGE_refpolicy
+ help
+ This option enables the usage of SELinux labels
endmenu
$(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S))))
$(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))))
-define Image/mkfs/squashfs
+define Image/mkfs/squashfs-common
$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
-nopad -noappend -root-owned \
-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
-processors 1
endef
+ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
+define Image/mkfs/squashfs
+ echo "LD_LIBRARY_PATH=\$$LD_LIBRARY_PATH:$(STAGING_DIR_HOSTPKG)/lib" \
+ "$(STAGING_DIR_HOSTPKG)/sbin/setfiles -r" \
+ "$(call mkfs_target_dir,$(1))" \
+ "$(call mkfs_target_dir,$(1))/etc/selinux/targeted/contexts/files/file_contexts " \
+ "$(call mkfs_target_dir,$(1))" > $@.fakeroot-script
+ echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
+ chmod +x $@.fakeroot-script
+ $(STAGING_DIR_HOST)/bin/fakeroot $@.fakeroot-script
+endef
+else
+define Image/mkfs/squashfs
+ $(call Image/mkfs/squashfs-common,$(1))
+endef
+endif
+
# $(1): board name
# $(2): rootfs type
# $(3): kernel image
projects / openwrt / openwrt.git / commitdiff