thr3ads.net - Libguestfs - [Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577). [Mar 2017]

If this information is useful, please help other people find it:
Share via:

Richard W.M. Jones

2017-Mar-20 18:14 UTC

[Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

---
 daemon/selinux-relabel.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c
index 112bee1..2f48ee6 100644
--- a/daemon/selinux-relabel.c
+++ b/daemon/selinux-relabel.c
@@ -27,6 +27,8 @@
 #include "actions.h"
 #include "optgroups.h"
 
+#include "ignore-value.h"
+
 GUESTFSD_EXT_CMD(str_setfiles, setfiles);
 
 #define MAX_ARGS 64
@@ -37,6 +39,20 @@ optgroup_selinuxrelabel_available (void)
   return prog_exists (str_setfiles);
 }
 
+static int
+setfiles_has_m_option (void)
+{
+  static int flag = -1;
+  CLEANUP_FREE char *err = NULL;
+
+  if (flag == -1) {
+    ignore_value (command (NULL, &err, str_setfiles, "-m",
NULL));
+    flag = err && strstr (err, /* "invalid option -- " */
"'m'") == NULL;
+  }
+
+  return flag;
+}
+
 /* Takes optional arguments, consult optargs_bitmask. */
 int
 do_selinux_relabel (const char *specfile, const char *path,
@@ -83,6 +99,13 @@ do_selinux_relabel (const char *specfile, const char *path,
   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux);
   ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys);
 
+  /* You have to use the -m option (where available) otherwise
+   * setfiles puts all the mountpoints on the excludes list for no
+   * useful reason (RHBZ#1433577).
+   */
+  if (setfiles_has_m_option ())
+    ADD_ARG (argv, i, "-m");
+
   /* Relabelling in a chroot. */
   if (STRNEQ (sysroot, "/")) {
     ADD_ARG (argv, i, "-r");
-- 
2.10.2

Pino Toscano

2017-Mar-21 09:57 UTC

head link

Re: [Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

On Monday, 20 March 2017 19:14:46 CET Richard W.M. Jones
wrote:> ---
Such behaviour changes :-(

LGTM, unless the default behaviour of setfiles changes soon...

Thanks,
-- 
Pino Toscano

Richard W.M. Jones

2017-Mar-21 14:43 UTC

head link

Re: [Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

On Tue, Mar 21, 2017 at 10:57:47AM +0100, Pino Toscano
wrote:> On Monday, 20 March 2017 19:14:46 CET Richard W.M. Jones wrote:
> > ---
> 
> Such behaviour changes :-(
> 
> LGTM, unless the default behaviour of setfiles changes soon...
Thanks, I'll push this one shortly.

We most likely need this one in RHEL 7.4.  But not the
other (-vv) patch.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org

Reasonably Related Threads

Search for more apparently analagous threads

Libguestfs - Mar 2017 - [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

[Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

Re: [Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

Re: [Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

Reasonably Related Threads