set_lsb_release.sh: only setfattr for selinux if modified

When set_lsb_release.sh is called without a parameter, it doesn't
modify anything in the image and mounts the image ro. The setfattr
that ensures the security.selinux xattr therefore fails with
"Read-only file system", and it is not necessary since nothing has
been modified.

BUG=chromium:954670
TEST=set_lsb_release.sh xx.bin a b
TEST=set_lsb_release.sh xx.bin
BRANCH=none

Change-Id: I32bf61796c2b60d18e4e62cc43f2d0e9dc75cef5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1666516
Tested-by: Qijiang Fan <fqj@google.com>
Commit-Queue: LaMont Jones <lamontjones@chromium.org>
Reviewed-by: LaMont Jones <lamontjones@chromium.org>
diff --git a/scripts/image_signing/set_lsb_release.sh b/scripts/image_signing/set_lsb_release.sh
index 4e5ebd9..f971b7b 100755
--- a/scripts/image_signing/set_lsb_release.sh
+++ b/scripts/image_signing/set_lsb_release.sh
@@ -19,6 +19,7 @@
     | sudo tee -a "$temp_lsb_release" > /dev/null
   sudo sort -o "$rootfs/etc/lsb-release" "$temp_lsb_release"
   sudo rm -f "$temp_lsb_release"
+  restore_lsb_selinux "$rootfs/etc/lsb-release"
 }
 
 main() {
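Review bot: The `restore_lsb_selinux` call added as the last statement of `set_lsb_release_keyval` has no comment, while the one that explained it in `main` is deleted in the second hunk, so the reason for relabelling here is now recorded only in the commit message. I would put `# Re-apply security.selinux after the rewrite; only reached when rootfs is mounted rw.` directly above it. As the last command its status becomes the function's return value, but the caller in `main` (context line in the second hunk) does not test it, so unless the script runs under `set -e`, which is not visible here, a failed relabel of a modified lsb-release would pass silently; `set_lsb_release_keyval "${rootfs}" "${key}" "${value}" || return 1` at the call site would surface it. The function body starts above this hunk and `restore_lsb_selinux` is defined outside the diff.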
@@ -65,11 +66,11 @@
     set_lsb_release_keyval "${rootfs}" "${key}" "${value}"
   done
 
-  # Make sure security.selinux xattr
-  restore_lsb_selinux "$rootfs/etc/lsb-release"
-
   # Dump the final state.
   cat "${rootfs}/etc/lsb-release"
+
+  # Dump security context for lsb-release file
+  getfattr -n security.selinux "${rootfs}/etc/lsb-release"
 }
 
 main "$@"
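Review bot: The new `getfattr -n security.selinux` is the last command in `main`, and `main "$@"` is the last line of the script, so its exit status becomes the script's. When the named attribute is absent (or `getfattr` is not installed on the host) the command returns non-zero, which means a pure read-only dump of an image whose lsb-release carries no label would now report failure after printing the file. If a missing label should be treated as an error, say so in the comment; if it is only informational, make that explicit and keep it visible, for example `getfattr -n security.selinux "${rootfs}/etc/lsb-release" || echo "WARNING: no security.selinux xattr on lsb-release" >&2`. The body of `main` begins outside this hunk, so any earlier `set -e` or trap handling cannot be confirmed from here.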