[Libguestfs] [libguestfs PATCH 2/2] generator/customize: invert SELinux relabeling default

Laszlo Ersek lersek at redhat.com
Tue May 10 10:27:57 UTC 2022 

Replace the "--selinux-relabel" option with "--no-selinux-relabel",
inverting the default behavior (for guests with SELinux support, that is
-- relabeling is always skipped for guests that don't support SELinux.)

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 generator/customize.ml | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/generator/customize.ml b/generator/customize.ml
index 3b3eec6d2370..9634dad85a64 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -564,18 +564,21 @@ to modify C</etc/sysconfig/authconfig> (Fedora, RHEL) or
 C</etc/pam.d/common-password> (Debian, Ubuntu).";
   };
 
-  { flag_name = "selinux-relabel";
+  { flag_name = "no-selinux-relabel";
     flag_type = FlagBool false (* XXX - the default in virt-builder *);
-    flag_ml_var = "selinux_relabel";
-    flag_shortdesc = "Relabel files with correct SELinux labels";
+    flag_ml_var = "no_selinux_relabel";
+    flag_shortdesc = "Do not relabel files with correct SELinux labels";
     flag_pod_longdesc = "\
-Relabel files in the guest so that they have the correct SELinux label.
+Do not attempt to correct the SELinux labels of files in the guest.
 
-This will attempt to relabel files immediately, but if the operation fails
-this will instead touch F</.autorelabel> on the image to schedule a
-relabel operation for the next time the image boots.
+In such guests that support SELinux, customization automatically
+relabels files so that they have the correct SELinux label.  (The
+relabeling is performed immediately, but if the operation fails,
+customization will instead touch F</.autorelabel> on the image to
+schedule a relabel operation for the next time the image boots.)  This
+option disables the automatic relabeling.
 
-This option is a no-op for guests that do not support SELinux.";
+The option is a no-op for guests that do not support SELinux.";
   };
 
   { flag_name = "sm-credentials";
-- 
2.19.1.3.g30247aa5d201

More information about the Libguestfs mailing list