From a5e6e764c8753c254e801b32059530fbc2e86e8d Mon Sep 17 00:00:00 2001

From: "Richard W.M. Jones" <rjones@redhat.com>

Date: Tue, 5 May 2020 16:44:15 +0100

Subject: [PATCH] mlcustomize: Fall back to autorelabel if specfile does not

 exist (RHBZ#1828952).

https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c2

Cherry picked from libguestfs-common

commit 101dac2eac8c61f0081c343b5d69cfa4efbc2a98 and backported

to libguestfs 1.40 branch (which predates the common submodule).

If SELINUXTYPE is set to some value other than targeted then we look

for a directory /etc/selinux/<SELINUXTYPE> which does not exist.

However this should not cause a fatal error.  Using setfiles to do the

relabelling immediately is a nice-to-have, but we can fallback to

using autorelabel if we're unable to achieve it.

---

 customize/SELinux_relabel.ml | 6 ++++++

 1 file changed, 6 insertions(+)

diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml

index 5df1f0895..5ecf7bd7e 100644

--- a/customize/SELinux_relabel.ml

+++ b/customize/SELinux_relabel.ml

@@ -77,6 +77,12 @@ and use_setfiles g =

   let specfile =

     sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in

+  (* If the spec file doesn't exist then fall back to using

+   * autorelabel (RHBZ#1828952).

+   *)

+  if not (g#is_file ~followsymlinks:true specfile) then

+    failwith "no spec file";

+

   (* RHEL 6.2 - 6.5 had a malformed specfile that contained the

    * invalid regular expression "/var/run/spice-vdagentd.\pid"

    * (instead of "\.p").  This stops setfiles from working on

-- 

2.18.4