[Libguestfs] SELinux relabel API
Colin Walters
walters at verbum.org
Thu Dec 10 16:39:41 UTC 2015
On Sat, May 24, 2014, at 10:39 AM, Colin Walters wrote:
>
> > Dan Walsh helpfully pointed out to us that we've been doing it wrong
> > all along :-) A much better way to relabel is to run:
> >
> > setfiles /etc/selinux/targeted/contexts/files/file_contexts DIR
>
> Yes, this is what I'm doing with OSTree. However in the general cross
> labeling case it has a subtle issue with PCRE:
> http://comments.gmane.org/gmane.comp.security.selinux/20214
>
> There is of course always the potential issue for incompatible future
> changes in the file_contexts format.
>
> My current workaround is:
> https://github.com/cgwalters/rpm-ostree/commit/0cb346b798aead0fd544e2c9ef45f1817ba19434
FWIW I don't have an immediate major need for the relabeling API because
we use Anaconda which does initial labeling there. The remaining
use cases for libguestfs apps of debug/repair are still valid, but those aren't
critical path.
More information about the Libguestfs
mailing list