|
|
2729bd |
From 8f800b369ada05ea690cebb0bb5e0fed0ba1c548 Mon Sep 17 00:00:00 2001
|
|
|
2729bd |
From: Laszlo Ersek <lersek@redhat.com>
|
|
|
2729bd |
Date: Tue, 10 May 2022 12:27:57 +0200
|
|
|
2729bd |
Subject: [PATCH] generator/customize: invert SELinux relabeling default
|
|
|
2729bd |
|
|
|
2729bd |
Replace the "--selinux-relabel" option with "--no-selinux-relabel",
|
|
|
2729bd |
inverting the default behavior (for guests with SELinux support, that is
|
|
|
2729bd |
-- relabeling is always skipped for guests that don't support SELinux.)
|
|
|
2729bd |
|
|
|
2729bd |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
|
|
|
2729bd |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
|
|
|
2729bd |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
2729bd |
Message-Id: <20220510102757.14466-3-lersek@redhat.com>
|
|
|
2729bd |
Acked-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
2729bd |
(cherry picked from commit 2f6a27f1077d32d1ab526427052fc88e188356f7)
|
|
|
2729bd |
---
|
|
|
2729bd |
generator/customize.ml | 19 +++++++++++--------
|
|
|
2729bd |
1 file changed, 11 insertions(+), 8 deletions(-)
|
|
|
2729bd |
|
|
|
2729bd |
diff --git a/generator/customize.ml b/generator/customize.ml
|
|
|
2729bd |
index 3b3eec6d2..9634dad85 100644
|
|
|
2729bd |
--- a/generator/customize.ml
|
|
|
2729bd |
+++ b/generator/customize.ml
|
|
|
2729bd |
@@ -564,18 +564,21 @@ to modify C</etc/sysconfig/authconfig> (Fedora, RHEL) or
|
|
|
2729bd |
C</etc/pam.d/common-password> (Debian, Ubuntu).";
|
|
|
2729bd |
};
|
|
|
2729bd |
|
|
|
2729bd |
- { flag_name = "selinux-relabel";
|
|
|
2729bd |
+ { flag_name = "no-selinux-relabel";
|
|
|
2729bd |
flag_type = FlagBool false (* XXX - the default in virt-builder *);
|
|
|
2729bd |
- flag_ml_var = "selinux_relabel";
|
|
|
2729bd |
- flag_shortdesc = "Relabel files with correct SELinux labels";
|
|
|
2729bd |
+ flag_ml_var = "no_selinux_relabel";
|
|
|
2729bd |
+ flag_shortdesc = "Do not relabel files with correct SELinux labels";
|
|
|
2729bd |
flag_pod_longdesc = "\
|
|
|
2729bd |
-Relabel files in the guest so that they have the correct SELinux label.
|
|
|
2729bd |
+Do not attempt to correct the SELinux labels of files in the guest.
|
|
|
2729bd |
|
|
|
2729bd |
-This will attempt to relabel files immediately, but if the operation fails
|
|
|
2729bd |
-this will instead touch F</.autorelabel> on the image to schedule a
|
|
|
2729bd |
-relabel operation for the next time the image boots.
|
|
|
2729bd |
+In such guests that support SELinux, customization automatically
|
|
|
2729bd |
+relabels files so that they have the correct SELinux label. (The
|
|
|
2729bd |
+relabeling is performed immediately, but if the operation fails,
|
|
|
2729bd |
+customization will instead touch F</.autorelabel> on the image to
|
|
|
2729bd |
+schedule a relabel operation for the next time the image boots.) This
|
|
|
2729bd |
+option disables the automatic relabeling.
|
|
|
2729bd |
|
|
|
2729bd |
-This option is a no-op for guests that do not support SELinux.";
|
|
|
2729bd |
+The option is a no-op for guests that do not support SELinux.";
|
|
|
2729bd |
};
|
|
|
2729bd |
|
|
|
2729bd |
{ flag_name = "sm-credentials";
|
|
|
2729bd |
--
|
|
|
2729bd |
2.31.1
|
|
|
2729bd |
|