[Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

Richard W.M. Jones rjones at redhat.com
Mon Mar 20 18:14:46 UTC 2017


---
 daemon/selinux-relabel.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 112bee1..2f48ee6 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -27,6 +27,8 @@
 #include "actions.h"
 #include "optgroups.h"
 
+#include "ignore-value.h"
+
 GUESTFSD_EXT_CMD(str_setfiles, setfiles);
 
 #define MAX_ARGS 64
@@ -37,6 +39,20 @@ optgroup_selinuxrelabel_available (void)
   return prog_exists (str_setfiles);
 }
 
+static int
+setfiles_has_m_option (void)
+{
+  static int flag = -1;
+  CLEANUP_FREE char *err = NULL;
+
+  if (flag == -1) {
+    ignore_value (command (NULL, &err, str_setfiles, "-m", NULL));
+    flag = err && strstr (err, /* "invalid option -- " */ "'m'") == NULL;
+  }
+
+  return flag;
+}
+
 /* Takes optional arguments, consult optargs_bitmask. */
 int
 do_selinux_relabel (const char *specfile, const char *path,
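Review bot: The probe in `setfiles_has_m_option` is a negative test and fails open: any stderr text that lacks the substring `'m'` is read as "-m is supported", which would include a getopt message that does not quote the option letter, and the return value of `command` is discarded. The result is cached in the `static int flag`, so one misleading probe decides every later relabel in this daemon: a false "supported" makes setfiles reject its arguments, and a NULL `err` is stored as "unsupported", which keeps the mountpoint excludes this patch is meant to remove. When nothing was captured the flag should stay unset so the next call probes again: `if (err) flag = strstr (err, "'m'") == NULL;` followed by `return flag > 0;`. A short comment above the function saying that it runs `setfiles -m` with no other arguments and inspects stderr would also help, since the reason for matching only `'m'` is visible only in the commented-out string.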
@@ -83,6 +99,13 @@ do_selinux_relabel (const char *specfile, const char *path,
   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
 
+  /* You have to use the -m option (where available) otherwise
+   * setfiles puts all the mountpoints on the excludes list for no
+   * useful reason (RHBZ#1433577).
+   */
+  if (setfiles_has_m_option ())
+    ADD_ARG (argv, i, "-m");
+
   /* Relabelling in a chroot. */
   if (STRNEQ (sysroot, "/")) {
     ADD_ARG (argv, i, "-r");
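Review bot: The fallback in the added `if (setfiles_has_m_option ())` is silent: when the probe reports no `-m`, the relabel proceeds with the mountpoint excludes described in the comment, and nothing in the output records that. Since the symptom is paths left without the expected labels, a trace on that branch would make it diagnosable, for example `else if (verbose) fprintf (stderr, "selinux_relabel: setfiles has no -m option, mountpoints will be excluded\n");`, assuming the daemon's usual `verbose` flag is in scope here. The body of `do_selinux_relabel` starts and ends outside this hunk, so where the final argv is logged, if at all, is not visible.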
-- 
2.10.2



