[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH 1/2] builder, customize: disable SELinux



Having SELinux enabled (even if not enforcing) in the appliance causes
troubles to applications/libraries that read/write SELinux attributes.
---
 builder/builder.ml          | 6 +++++-
 customize/customize_main.ml | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/builder/builder.ml b/builder/builder.ml
index a407924..5195cfd 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -633,7 +633,11 @@ let main () =
     (match smp with None -> () | Some smp -> g#set_smp smp);
     g#set_network network;
 
-    g#set_selinux ops.flags.selinux_relabel;
+    (* Make sure to turn SELinux off to avoid awkward interactions
+     * between the appliance kernel and applications/libraries interacting
+     * with SELinux xattrs.
+     *)
+    g#set_selinux false;
 
     (* The output disk is being created, so use cache=unsafe here. *)
     g#add_drive_opts ~format:output_format ~cachemode:"unsafe" output_filename;
diff --git a/customize/customize_main.ml b/customize/customize_main.ml
index 6e0ba2d..2c8b2ef 100644
--- a/customize/customize_main.ml
+++ b/customize/customize_main.ml
@@ -208,7 +208,11 @@ read the man page virt-customize(1).
     (match memsize with None -> () | Some memsize -> g#set_memsize memsize);
     (match smp with None -> () | Some smp -> g#set_smp smp);
     g#set_network network;
-    g#set_selinux ops.flags.selinux_relabel;
+    (* Make sure to turn SELinux off to avoid awkward interactions
+     * between the appliance kernel and applications/libraries interacting
+     * with SELinux xattrs.
+     *)
+    g#set_selinux false;
 
     (* Add disks. *)
     add g dryrun;
-- 
1.9.3


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]