[Libguestfs] [PATCH v2 7/7] v2v: linux: Use new SELinux_relabel module to relabel Linux guests.

Richard W.M. Jones rjones at redhat.com
Thu Jul 14 08:50:01 UTC 2016


---
 v2v/Makefile.am      |  1 +
 v2v/convert_linux.ml | 14 ++++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/v2v/Makefile.am b/v2v/Makefile.am
index fc83600..cd15e30 100644
--- a/v2v/Makefile.am
+++ b/v2v/Makefile.am
@@ -131,6 +131,7 @@ BOBJECTS = \
 	$(top_builddir)/mllib/curl.cmo \
 	$(top_builddir)/customize/customize_utils.cmo \
 	$(top_builddir)/customize/firstboot.cmo \
+	$(top_builddir)/customize/SELinux_relabel.cmo \
 	$(SOURCES_ML:.ml=.cmo)
 XOBJECTS = $(BOBJECTS:.cmo=.cmx)
 
diff --git a/v2v/convert_linux.ml b/v2v/convert_linux.ml
index e8bb0d3..ef71318 100644
--- a/v2v/convert_linux.ml
+++ b/v2v/convert_linux.ml
@@ -405,12 +405,13 @@ let rec convert ~keep_serial_console (g : G.guestfs) inspect source rcaps =
 
     | `Grub2 -> () (* Not necessary for grub2. *)
 
-  and autorelabel () =
-    (* Only do autorelabel if load_policy binary exists.  Actually
-     * loading the policy is problematic.
+  and relabel () =
+    (* Only do relabel if load_policy binary and /etc/selinux/config
+     * files exist, indicating that the guest uses SELinux.
      *)
-    if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" then
-      g#touch "/.autorelabel";
+    if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" &&
+       g#is_file ~followsymlinks:true "/etc/selinux/config" then
+      SELinux_relabel.relabel g;
 
   and unconfigure_xen () =
     (* Remove kmod-xenpv-* (RHEL 3). *)
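Review bot: The new guard in `relabel ()` skips silently when `/etc/selinux/config` is missing, so a guest that has `/usr/sbin/load_policy` but no config file now gets neither a relabel nor the `/.autorelabel` marker that the old code would have left. Files written during conversion would then presumably keep stale or missing labels on first boot, with nothing in the output to show that relabelling was skipped. The comment should state this deliberately, e.g. `(* A guest with load_policy but no /etc/selinux/config is treated as not using SELinux; no /.autorelabel fallback is left. *)`. How `SELinux_relabel.relabel` reports failure is not visible here, so it is worth confirming that an error there aborts the conversion rather than producing a partly labelled guest. The enclosing `convert` function starts and ends outside this hunk.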
@@ -1411,7 +1412,6 @@ let rec convert ~keep_serial_console (g : G.guestfs) inspect source rcaps =
   in
 
   augeas_grub_configuration ();
-  autorelabel ();
 
   unconfigure_xen ();
   unconfigure_vbox ();
@@ -1452,6 +1452,8 @@ let rec convert ~keep_serial_console (g : G.guestfs) inspect source rcaps =
   configure_kernel_modules block_type net_type;
   rebuild_initrd kernel;
 
+  relabel ();
+
   let guestcaps = {
     gcaps_block_bus = block_type;
     gcaps_net_bus = net_type;
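Review bot: The `relabel ()` call is moved to after `rebuild_initrd kernel` without a comment explaining that its position matters. Anything that writes to the guest filesystem after this point would not be covered by the relabel, and a later reordering could reintroduce that silently. I would add `(* Must stay after the last step that modifies guest files, so everything written by conversion gets relabelled. *)` directly above the call. The rest of `convert` after the `guestcaps` record is outside this hunk, so whether any later step writes to the guest cannot be checked from here.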
-- 
2.7.4



