[Libguestfs] [PATCH libguestfs-common 2/2] mlcustomize: Fall back to autorelabel if specfile does not exist (RHBZ#1828952).

Pino Toscano ptoscano at redhat.com
Mon May 18 09:12:29 UTC 2020


On Tuesday, 5 May 2020 17:44:15 CEST Richard W.M. Jones wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c2

I think we need to take a different approach than this patch.

The biggest thing is that currently we check only SELINUXTYPE for the
actual policy, however we do not check SELINUX in case SELinux is in
enforcing mode at all.

IMHO we rather need to read /etc/selinux/<SELINUX> first:
- if enforcing, go ahead with the current relabeling: check SELINUXTYPE,
  get the policy path, etc; if set like this, then most probably the
  SELINUXTYPE points to a valid policy, otherwise the guest would not
  even boot
- if permissive or disabled, do not perform any relabeling, including
  touching /.autorelabel; this is because SELinux was disabled, so
  attempting any relabeling might result in failures

-- 
Pino Toscano
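
The decision proposed in the message above, as an added example that is not part of the original post or of libguestfs code. It assumes the settings come from the text of the guest's /etc/selinux/config; the function names and the third "unknown" outcome (for input the message does not cover) are hypothetical.

```python
import re

# Standard SELinux location of the file-contexts spec for a policy type.
SPECFILE_FMT = "/etc/selinux/{}/contexts/files/file_contexts"

_KV = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(\S+)")

# Constructed sample inputs, not taken from any real guest.
SAMPLE_ENFORCING = """\
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
"""
SAMPLE_DISABLED = "SELINUX=disabled\nSELINUXTYPE=targeted\n"


def parse_selinux_config(text):
    """Return the KEY=value settings of an SELinux config file as a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        m = _KV.match(line)
        if m:
            settings[m.group(1).upper()] = m.group(2)
    return settings


def relabel_decision(text):
    """Map config text to (action, specfile).

    action is "relabel", "skip" or "unknown" (hypothetical names);
    specfile is set only for "relabel".
    """
    cfg = parse_selinux_config(text)
    mode = cfg.get("SELINUX", "").lower()
    if mode in ("permissive", "disabled"):
        # No relabeling at all, and no /.autorelabel either.
        return ("skip", None)
    if mode == "enforcing":
        policy = cfg.get("SELINUXTYPE", "")
        # The guest file is untrusted: reject values that could escape
        # /etc/selinux when interpolated into the spec file path.
        if re.fullmatch(r"[A-Za-z0-9_-]+", policy):
            return ("relabel", SPECFILE_FMT.format(policy))
    # Assumption: anything else is left for the caller to handle.
    return ("unknown", None)
```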