search for: selinuxtype_path

...(Array.to_list l) + let relabel (g : G.guestfs) = (* Is the guest using SELinux? *) if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" && @@ -44,7 +48,7 @@ let relabel (g : G.guestfs) = let config_path = "/files/etc/selinux/config" in let selinuxtype_path = config_path ^ "/SELINUXTYPE" in let keys = g#aug_ls config_path in - if Array.mem selinuxtype_path keys then + if array_find selinuxtype_path keys then g#aug_get selinuxtype_path else "targeted" in -- 2.14.3

...e fallback in case something in the setfiles + * method didn't work. That includes the case where a non-SELinux + * host is processing an SELinux guest, and other things. *) - let policy = - let config_path = "/files/etc/selinux/config" in - let selinuxtype_path = config_path ^ "/SELINUXTYPE" in - let keys = g#aug_ls config_path in - if array_find selinuxtype_path keys then - g#aug_get selinuxtype_path - else - "targeted" in + g#touch "/.autorelabel" + ) - g#aug_close (); +an...

Continuation/rework of: https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html This is my approach, as I explained here: https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4 https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html IOW: do not attempt to relabel if the guest is not enforcing, as it is either useless or may fail; few words more are in the comments of patch #3.

.../SELINUXTYPE" in + (* Get the SELinux policy name, eg. "targeted", "minimum". + * Use "targeted" if not specified, just like libselinux does. + *) + let policy = + let config_path = "/files/etc/selinux/config" in + let selinuxtype_path = config_path ^ "/SELINUXTYPE" in + let keys = g#aug_ls config_path in + if Array.mem selinuxtype_path keys then + g#aug_get selinuxtype_path + else + "targeted" in + g#aug_close (); (* Get the spec file name. *) diff --git...