From c4a2534e2da2ae3e0e516b35a83aacf6b750ac4f Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Tue, 2 Oct 2018 11:10:30 -0700 Subject: [PATCH] fs_mgr: overlayfs stop adding rootcontext= to mount By adding the root context, we cause an issue with kernel security profile, the kernel can kick back overlay mounts because the sepolicy is not initialized. observable error when we have root context setup: SELinux: Unable to set superblock options before the security\ server is initialized init: [libfs_mgr]__mount(source=overlay,target=/system,\ type=overlay,upperdir=/cache/overlay/system/upper)=-1:\ Invalid argument root context was added initially due to paranoia, so the side effects are non existent unless upperdir sepolicy is adjusted. Test: manual Bug: 109821005 Change-Id: Id218add0a32df3b2a4626d8cb8aa783760c78cc4
---
 fs_mgr/fs_mgr_overlayfs.cpp | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index bc3e69eaa..07b2a7ae9 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -147,10 +147,8 @@ std::string fs_mgr_get_overlayfs_options(const std::string& mount_point) {
 auto candidate = fs_mgr_get_overlayfs_candidate(mount_point);
 if (candidate.empty()) return "";
- auto context = fs_mgr_get_context(mount_point);
- if (!context.empty()) context = ",rootcontext="s + context;
 return "override_creds=off,"s + kLowerdirOption + mount_point + "," + kUpperdirOption +
- candidate + kUpperName + ",workdir=" + candidate + kWorkName + context;
+ candidate + kUpperName + ",workdir=" + candidate + kWorkName;
 }
 bool fs_mgr_system_root_image(const fstab* fstab) {
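Review bot: Nothing in the new body of fs_mgr_get_overlayfs_options() records that the option string deliberately carries no SELinux context option, so a later reader may re-add it and bring back the early-boot mount failure. A comment above the `return` would help, for example `// No rootcontext=: the kernel rejects superblock context options before sepolicy is loaded.` Going by the commit message, labelling of the overlay now depends on how the upper directory itself is labelled, so it is worth confirming that the code creating `candidate + kUpperName` sets a label matching the mount point; that code is outside this hunk. If this was the only caller of fs_mgr_get_context(), the helper is presumably dead code now and could be removed in the same change.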