From: Yi Zhao
To: yocto-patches@lists.yoctoproject.org
Subject: [wic][PATCH] partition.py: restore selinux label for fstab
Date: Fri, 17 Apr 2026 11:14:17 +0800
Message-Id: <20260417031417.583413-1-yi.zhao@windriver.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto-patches/message/3726

When SELinux is enabled, all files within a wic image retain their SELinux labels except for /etc/fstab, which is replaced by a newly generated one during the build, causing its extended attributes to be lost.

Restore the SELinux context on the new fstab using debugfs ea_get and ea_set commands, ensuring all files are correctly labeled at build time and avoiding a full SELinux relabel on first boot.

Signed-off-by: Yi Zhao
--- src/wic/partition.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/wic/partition.py b/src/wic/partition.py index 435d31d..506ef2b 100644 --- a/src/wic/partition.py +++ b/src/wic/partition.py
@@ -362,10 +362,21 @@ class Partition(): if self.updated_fstab_path and self.has_fstab and not self.no_fstab_update: debugfs_script_path = os.path.join(cr_workdir, "debugfs_script") + fstab_label_path = os.path.join(cr_workdir, "fstab.selinuxlabel") + with open(debugfs_script_path, "w") as f: + f.write("cd etc\n") + # Retrieve fstab selinux label + f.write("ea_get -f %s fstab security.selinux\n" % (fstab_label_path)) + debugfs_cmd = "debugfs -w -f %s %s" % (debugfs_script_path, rootfs) + exec_native_cmd(debugfs_cmd, native_sysroot) + with open(debugfs_script_path, "w") as f: f.write("cd etc\n") f.write("rm fstab\n") f.write("write %s fstab\n" % (self.updated_fstab_path)) + if os.path.isfile(fstab_label_path) and os.path.getsize(fstab_label_path) > 0: + # Restore fstab selinux label + f.write("ea_set -f %s fstab security.selinux\n" % (fstab_label_path)) debugfs_cmd = "debugfs -w -f %s %s" % (debugfs_script_path, rootfs) exec_native_cmd(debugfs_cmd, native_sysroot)
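
Review bot: the guard in front of the ea_set line (os.path.isfile(fstab_label_path) and os.path.getsize(fstab_label_path) > 0) only shows that some fstab.selinuxlabel exists in cr_workdir, not that this run's ea_get produced it. The file name is fixed and nothing removes it before the first debugfs pass, so if ea_get writes nothing for this rootfs (for example, because fstab carries no security.selinux attribute), a file left behind by an earlier partition or an earlier build in the same workdir still passes the check, and its label is applied to the new fstab. Removing fstab_label_path before the ea_get pass, or using a per-partition temporary file, would close that gap. Two smaller points: the first invocation only reads an attribute, so it could run debugfs without -w instead of opening the image read-write; and when no label is found the code skips ea_set silently, so a debug log line in that branch would make an unlabeled fstab on an SELinux image easier to notice at build time.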