[Libguestfs] [PATCH] document behavior of --selinux-relabel
Richard W.M. Jones
rjones at redhat.com
Thu Mar 24 20:22:29 UTC 2016
On Thu, Mar 24, 2016 at 03:21:45PM -0400, Lars Kellogg-Stedman wrote:
> the description of the --selinux-relabel option suggests that it
> perform an immediate relabel, when in fact it may (and probably will)
> instead simply touch /.autorelabel on the image, which schedules a
> relabel operation for the next time the image boots. This can be
> surprising because it results both in an extended initial boot time
> *and* results in an automatic reboot (on some distributions).
> ---
> generator/customize.ml | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/generator/customize.ml b/generator/customize.ml
> index 36d185c..b146325 100644
> --- a/generator/customize.ml
> +++ b/generator/customize.ml
> @@ -522,6 +522,9 @@ C</etc/pam.d/common-password> (Debian, Ubuntu).";
> flag_shortdesc = "Relabel files with correct SELinux labels";
> flag_pod_longdesc = "\
> Relabel files in the guest so that they have the correct SELinux label.
> +This will attempt to relabel files immediately, but if the operation fails
> +this will instead touch C</.autorelabel> on the image to schedule a
> +relabel operation for the next time the image boots.
>
> You should only use this option for guests which support SELinux.";
> };
Thanks - I pushed this with a couple (of characters) of very minor
changes :-)
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
More information about the Libguestfs
mailing list