[Libguestfs] virt-copy-in - how do I get the selinux relabeling done for the file?
Yaniv Kaul
ykaul at redhat.com
Sun Dec 24 14:34:54 UTC 2017
On Sun, Dec 24, 2017 at 4:20 PM, Richard W.M. Jones <rjones at redhat.com>
wrote:
> On Sun, Dec 24, 2017 at 03:59:33PM +0200, Yaniv Kaul wrote:
> > On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones at redhat.com>
> > wrote:
> >
> > > On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote:
> > > > I'm copying a file into a VM using virt-copy-in - which is great,
> but the
> > > > file is wrongly labeled.
> > > > How can I fix that?
> > >
> > > Hi Yaniv,
> > >
> > > The easiest thing is to run this after doing the virt-copy-in:
> > >
> > > virt-customize -a disk.img --selinux-relabel
> > >
> > > which will run this code:
> > >
> > > https://github.com/libguestfs/libguestfs/blob/master/
> > > customize/SELinux_relabel.ml#L27
> > >
> > > That requires an extra launch of the appliance, so if you were very
> > > concerned about doing this most efficiently then you could do
> > > something like this instead:
> > >
> > > guestfish -a disk.img -i <<EOF
> > > copy-in files [...] /target/dir
> > > selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts
> / force:true
>
> In case it's not clear, this parameter
> ^^^
> controls the scope of the relabelling, so you can relabel parts of the
> filesystem if you want to. It's basically a wrapper around
> ‘setfiles’:
>
> https://github.com/libguestfs/libguestfs/blob/
> dab065a8eed6c6d8d9c53956393566812cfe6a2e/daemon/selinux-relabel.c#L87
>
> Rich.
>
Thanks, I think I'm all good - seems to be working nice[1].
I think a great future feature of guestfish would be to run Ansible-based
modules/roles against the VM.
All is needed is an IP, inject SSH credentials. Anything else?
Y.
[1] https://gerrit.ovirt.org/#/c/85715/1/src/ansible/create_target_vm.yml
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~
> rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> Fedora Windows cross-compiler. Compile Windows programs, test, and
> build Windows installers. Over 100 libraries supported.
> http://fedoraproject.org/wiki/MinGW
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20171224/38d2eb12/attachment.htm>
More information about the Libguestfs
mailing list