Libguestfs - Dec 2017 - Re: virt-copy-in - how do I get the selinux relabeling done for the file?

I'm copying a file into a VM using virt-copy-in - which is great, but the
file is wrongly labeled.
How can I fix that?
TIA,
Y.

On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul
wrote:
> I'm copying a file into a VM using virt-copy-in - which is great, but
the
> file is wrongly labeled.
> How can I fix that?
Hi Yaniv,

The easiest thing is to run this after doing the virt-copy-in:

  virt-customize -a disk.img --selinux-relabel

which will run this code:

 
https://github.com/libguestfs/libguestfs/blob/master/customize/SELinux_relabel.ml#L27

That requires an extra launch of the appliance, so if you were very
concerned about doing this most efficiently then you could do
something like this instead:

  guestfish -a disk.img -i <<EOF
    copy-in files [...] /target/dir
    selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts /
force:true
  EOF

That isn't quite the same as the virt-customize code above, and in
particular it assumes that you're using the "targeted" policy and
you
don't have the buggy version of RHEL 6, but it's near enough for most
purposes.  If you want to do any better you'd need to write a custom
script in Python or whatever.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top

On Sun, Dec 24, 2017 at 01:49:33PM +0000, Richard W.M. Jones
wrote:
> On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote:
> > I'm copying a file into a VM using virt-copy-in - which is great,
but the
> > file is wrongly labeled.
> > How can I fix that?
> 
> Hi Yaniv,
> 
> The easiest thing is to run this after doing the virt-copy-in:
> 
>   virt-customize -a disk.img --selinux-relabel
Hmm, actually I forgot you can do this which does both ...

  virt-customize -a disk.img --copy-in localpath:remotepath --selinux-relabel

You can use --copy-in multiple times if you need to.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top

On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones@redhat.com>
wrote:
> On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote:
> > I'm copying a file into a VM using virt-copy-in - which is great,
but the
> > file is wrongly labeled.
> > How can I fix that?
>
> Hi Yaniv,
>
> The easiest thing is to run this after doing the virt-copy-in:
>
>   virt-customize -a disk.img --selinux-relabel
>
> which will run this code:
>
>   https://github.com/libguestfs/libguestfs/blob/master/
> customize/SELinux_relabel.ml#L27
>
> That requires an extra launch of the appliance, so if you were very
> concerned about doing this most efficiently then you could do
> something like this instead:
>
>   guestfish -a disk.img -i <<EOF
>     copy-in files [...] /target/dir
>     selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts /
> force:true
>   EOF
>
Thanks - this is exactly what I've decided to use first.
I'll run virt-customize if I need to do more work (specifically, I believe
it'll relabel everything, etc. - not sure I need it right now).
Y.

>
> That isn't quite the same as the virt-customize code above, and in
> particular it assumes that you're using the "targeted" policy
and you
> don't have the buggy version of RHEL 6, but it's near enough for
most
> purposes.  If you want to do any better you'd need to write a custom
> script in Python or whatever.
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~
> rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-top is 'top' for virtual machines.  Tiny program with many
> powerful monitoring features, net stats, disk stats, logging, etc.
> http://people.redhat.com/~rjones/virt-top
>