[Libguestfs] [PATCH] Add documentation for SELinux configuration
Richard W.M. Jones
rjones at redhat.com
Wed Aug 12 16:46:51 UTC 2009
This patch documents how to use the new SELinux configuration.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
-------------- next part --------------
>From da1fc98ac230329a132de02f8019c0f024374459 Mon Sep 17 00:00:00 2001
From: Richard Jones <rjones at trick.home.annexia.org>
Date: Wed, 12 Aug 2009 17:40:22 +0100
Subject: [PATCH 1/2] Add documentation for SELinux configuration.
---
guestfs.pod | 38 ++++++++++++++++++++++++++++++++++++++
1 files changed, 38 insertions(+), 0 deletions(-)
diff --git a/guestfs.pod b/guestfs.pod
index 4d462f3..bc16ecb 100644
--- a/guestfs.pod
+++ b/guestfs.pod
@@ -316,6 +316,11 @@ Only supports Linux guests (not Windows, BSD, etc).
Architecture limitations (eg. won't work for a PPC guest on
an X86 host).
+=item *
+
+For SELinux guests, you may need to enable SELinux and load policy
+first. See I<SELINUX> in this manpage.
+
=back
The two main API calls to run commands are C<guestfs_command> and
@@ -337,6 +342,39 @@ directory, plus additional information about each one.
C<guestfs_find> can be used to recursively list files.
+=head2 SELINUX
+
+We support SELinux guests. To ensure that labeling happens correctly
+in SELinux guests, you need to enable SELinux and load the guest's
+policy:
+
+=over 4
+
+=item 1.
+
+Before launching, do:
+
+ guestfs_set_selinux (g, 1);
+
+=item 2.
+
+After mounting the guest's filesystem(s), load the policy. This
+is best done by running the L<load_policy(8)> command in the
+guest itself:
+
+ guestfs_sh (g, "/usr/sbin/load_policy");
+
+(Older versions of C<load_policy> require you to specify the
+name of the policy file).
+
+=back
+
+This will work for running commands and editing existing files.
+
+When new files are created, you may need to label them explicitly,
+for example by running the external command
+C<restorecon pathname>.
+
=head1 HIGH-LEVEL API ACTIONS
=head2 ABI GUARANTEE
--
1.6.2.5
More information about the Libguestfs
mailing list