[Libguestfs] virt-copy-in - how do I get the selinux relabeling done for the file?

Sun Dec 24 13:59:33 UTC 2017

On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones at redhat.com>
wrote:

> On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote:
> > I'm copying a file into a VM using virt-copy-in - which is great, but the
> > file is wrongly labeled.
> > How can I fix that?
>
> Hi Yaniv,
>
> The easiest thing is to run this after doing the virt-copy-in:
>
>   virt-customize -a disk.img --selinux-relabel
>
> which will run this code:
>
>   https://github.com/libguestfs/libguestfs/blob/master/
> customize/SELinux_relabel.ml#L27
>
> That requires an extra launch of the appliance, so if you were very
> concerned about doing this most efficiently then you could do
> something like this instead:
>
>   guestfish -a disk.img -i <<EOF
>     copy-in files [...] /target/dir
>     selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts /
> force:true
>   EOF
>

Thanks - this is exactly what I've decided to use first.
I'll run virt-customize if I need to do more work (specifically, I believe
it'll relabel everything, etc. - not sure I need it right now).
Y.

>
> That isn't quite the same as the virt-customize code above, and in
> particular it assumes that you're using the "targeted" policy and you
> don't have the buggy version of RHEL 6, but it's near enough for most
> purposes.  If you want to do any better you'd need to write a custom
> script in Python or whatever.
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~
> rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-top is 'top' for virtual machines.  Tiny program with many
> powerful monitoring features, net stats, disk stats, logging, etc.
> http://people.redhat.com/~rjones/virt-top
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20171224/5b9c0715/attachment.htm>