[Libguestfs] [PATCH] document behavior of --selinux-relabel
Lars Kellogg-Stedman
lars at redhat.com
Thu Mar 24 19:21:45 UTC 2016
the description of the --selinux-relabel option suggests that it
perform an immediate relabel, when in fact it may (and probably will)
instead simply touch /.autorelabel on the image, which schedules a
relabel operation for the next time the image boots. This can be
surprising because it results both in an extended initial boot time
*and* results in an automatic reboot (on some distributions).
---
generator/customize.ml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/generator/customize.ml b/generator/customize.ml
index 36d185c..b146325 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -522,6 +522,9 @@ C</etc/pam.d/common-password> (Debian, Ubuntu).";
flag_shortdesc = "Relabel files with correct SELinux labels";
flag_pod_longdesc = "\
Relabel files in the guest so that they have the correct SELinux label.
+This will attempt to relabel files immediately, but if the operation fails
+this will instead touch C</.autorelabel> on the image to schedule a
+relabel operation for the next time the image boots.
You should only use this option for guests which support SELinux.";
};
--
2.5.5
More information about the Libguestfs
mailing list