live-build/scripts/build/chroot_selinuxfs

#!/bin/sh

## live-build(7) - System Build Scripts
## Copyright (C) 2016-2020 The Debian Live team
## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.


set -e

# Including common functions
[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh

# Setting static variables
DESCRIPTION="Mount /sys/fs/selinux"
USAGE="${PROGRAM} {install|remove} [--force]"

# Processing arguments and configuration files
Init_config_data "${@}"

_ACTION="${1}"
shift

# Requiring stage file
Require_stagefiles config bootstrap

# Skip if selinux is not enabled
if [ ! -e /sys/fs/selinux/enforce ] || [ "$(cat /sys/fs/selinux/enforce)" != "1" ]
then
	Echo_debug "Skipping due to selinux being disabled..."
	exit 0
fi

case "${_ACTION}" in
	install)
		Echo_message "Begin mounting /sys/fs/selinux..."

		# Checking stage file
		Check_stagefile

		# Acquire lock file
		Acquire_lockfile

		# Create mountpoint
		mkdir -p chroot/sys/fs/selinux

		# Mounting /sys/fs/selinux
		mount -t selinuxfs -o x-gvfs-hide selinuxfs-live chroot/sys/fs/selinux

		# Creating stage file
		Create_stagefile
		;;

	remove)
		Echo_message "Begin unmounting /sys/fs/selinux..."

		# Checking stage file
		Ensure_stagefile_exists

		# Acquire lock file
		Acquire_lockfile

		# Unmounting /sys/fs/selinux
		if [ -e chroot/sys/fs/selinux/enforce ]
		then
			umount chroot/sys/fs/selinux
		fi

		# Removing stage file
		Remove_stagefile
		;;

	*)
		Echo_error "Invalid action parameter: '${_ACTION}'"
		Usage --fail
		;;
esac