Displaying 4 results from an estimated 4 matches for "read_selinux_config_key".
2020 Sep 23
6
[common PATCH 0/3] SELinux_relabel: relabel only if enforcing (RHBZ#1828952)
Continuation/rework of:
https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html
This is my approach, as I explained here:
https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4
https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html
IOW: do not attempt to relabel if the guest is not enforcing, as it is
either useless or may fail; few words more are in the comments of patch
#3.
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...g#aug_load ();
> debug_augeas_errors g;
>
> + (* Get the SELinux enforcing mode, eg "enforcing", "permissive",
> + * "disabled".
> + * Use "disabled" if not specified, just like libselinux seems to do.
> + *)
> + let typ = read_selinux_config_key g "SELINUX" "disabled" in
> + (* Do not attempt any relabelling if the SELinux is not "enforcing":
> + * - in "permissive" mode SELinux is still running, however nothing is
> + * enforced: this means labels can be wrong, and "it is fine&q...
2020 Sep 23
0
[common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...9,6 +68,21 @@ and use_setfiles g =
g#aug_load ();
debug_augeas_errors g;
+ (* Get the SELinux enforcing mode, eg "enforcing", "permissive",
+ * "disabled".
+ * Use "disabled" if not specified, just like libselinux seems to do.
+ *)
+ let typ = read_selinux_config_key g "SELINUX" "disabled" in
+ (* Do not attempt any relabelling if the SELinux is not "enforcing":
+ * - in "permissive" mode SELinux is still running, however nothing is
+ * enforced: this means labels can be wrong, and "it is fine"
+ * - wh...
2020 Sep 24
0
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...g_augeas_errors g;
> >
> > + (* Get the SELinux enforcing mode, eg "enforcing", "permissive",
> > + * "disabled".
> > + * Use "disabled" if not specified, just like libselinux seems to do.
> > + *)
> > + let typ = read_selinux_config_key g "SELINUX" "disabled" in
> > + (* Do not attempt any relabelling if the SELinux is not "enforcing":
> > + * - in "permissive" mode SELinux is still running, however nothing is
> > + * enforced: this means labels can be wrong, and &qu...