diff options
| author | Jakob Unterwurzacher | 2025-04-19 19:39:10 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2025-04-19 19:42:28 +0200 |
| commit | 6918a4413decccd2f535e66d12b2e3dee10a74a8 (patch) | |
| tree | c8ab50649f69ba60dffbb6262160adc9ca024a88 | |
| parent | b6ada0247a6967cf7dac0a94af31cd1cdc89dd41 (diff) | |
cli: mount: add -context option
Set the SELinux context. See mount(8) for details.
| -rw-r--r-- | Documentation/MANPAGE.md | 10 | ||||
| -rw-r--r-- | cli_args.go | 5 | ||||
| -rw-r--r-- | mount.go | 3 |
3 files changed, 16 insertions, 2 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index c7a1c03..64bbaa8 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -208,6 +208,16 @@ Show all invalid filenames: -badname '*' +#### -context string +Set the SELinux context. See mount(8) for details. + +This option was added for compatibility with xfstests which sets +this option via `-o context="system_u:object_r:root_t:s0"`. + +Only works when mounting as root, otherwise you get this error from fusermount3: + + fusermount3: unknown option 'context="system_u:object_r:root_t:s0"' + #### -ctlsock string Create a control socket at the specified location. The socket can be used to decrypt and encrypt paths inside the filesystem. When using diff --git a/cli_args.go b/cli_args.go index 2e9e796..4101b86 100644 --- a/cli_args.go +++ b/cli_args.go @@ -35,9 +35,9 @@ type argContainer struct { // Mount options with opposites dev, nodev, suid, nosuid, exec, noexec, rw, ro, kernel_cache, acl bool masterkey, mountpoint, cipherdir, cpuprofile, - memprofile, ko, ctlsock, fsname, force_owner, trace string + memprofile, ko, ctlsock, fsname, force_owner, trace, context string // FIDO2 - fido2 string + fido2 string fido2_assert_options []string // -extpass, -badname, -passfile can be passed multiple times extpass, badname, passfile []string @@ -211,6 +211,7 @@ func parseCliOpts(osArgs []string) (args argContainer) { flagSet.StringVar(&args.force_owner, "force_owner", "", "uid:gid pair to coerce ownership") flagSet.StringVar(&args.trace, "trace", "", "Write execution trace to file") flagSet.StringVar(&args.fido2, "fido2", "", "Protect the masterkey using a FIDO2 token instead of a password") + flagSet.StringVar(&args.context, "context", "", "Set SELinux context (see mount(8) for details)") flagSet.StringArrayVar(&args.fido2_assert_options, "fido2-assert-option", nil, "Options to be passed with `fido2-assert -t`") // Exclusion options @@ -469,6 +469,9 @@ func initGoFuse(rootNode fs.InodeEmbedder, args *argContainer) *fuse.Server { } else if args.exec { opts["exec"] = "" } + if args.context != "" { + opts["context"] = args.context + } // Add additional mount options (if any) after the stock ones, so the user has // a chance to override them. if args.ko != "" { |