search for: read_selinux_config_key

Displaying 4 results from an estimated 4 matches for "read_selinux_config_key".

2020 Sep 23
6
[common PATCH 0/3] SELinux_relabel: relabel only if enforcing (RHBZ#1828952)
Continuation/rework of: https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html This is my approach, as I explained here: https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4 https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html IOW: do not attempt to relabel if the guest is not enforcing, as it is either useless or may fail; few words more are in the comments of patch #3.
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...g#aug_load (); > debug_augeas_errors g; > > + (* Get the SELinux enforcing mode, eg "enforcing", "permissive", > + * "disabled". > + * Use "disabled" if not specified, just like libselinux seems to do. > + *) > + let typ = read_selinux_config_key g "SELINUX" "disabled" in > + (* Do not attempt any relabelling if the SELinux is not "enforcing": > + * - in "permissive" mode SELinux is still running, however nothing is > + * enforced: this means labels can be wrong, and "it is fine&q...
2020 Sep 23
0
[common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...9,6 +68,21 @@ and use_setfiles g = g#aug_load (); debug_augeas_errors g; + (* Get the SELinux enforcing mode, eg "enforcing", "permissive", + * "disabled". + * Use "disabled" if not specified, just like libselinux seems to do. + *) + let typ = read_selinux_config_key g "SELINUX" "disabled" in + (* Do not attempt any relabelling if the SELinux is not "enforcing": + * - in "permissive" mode SELinux is still running, however nothing is + * enforced: this means labels can be wrong, and "it is fine" + * - wh...
2020 Sep 24
0
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...g_augeas_errors g; > > > > + (* Get the SELinux enforcing mode, eg "enforcing", "permissive", > > + * "disabled". > > + * Use "disabled" if not specified, just like libselinux seems to do. > > + *) > > + let typ = read_selinux_config_key g "SELINUX" "disabled" in > > + (* Do not attempt any relabelling if the SELinux is not "enforcing": > > + * - in "permissive" mode SELinux is still running, however nothing is > > + * enforced: this means labels can be wrong, and &qu...