search for: str_setfiles

...diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c index 112bee1..2f48ee6 100644 --- a/daemon/selinux-relabel.c +++ b/daemon/selinux-relabel.c @@ -27,6 +27,8 @@ #include "actions.h" #include "optgroups.h" +#include "ignore-value.h" + GUESTFSD_EXT_CMD(str_setfiles, setfiles); #define MAX_ARGS 64 @@ -37,6 +39,20 @@ optgroup_selinuxrelabel_available (void) return prog_exists (str_setfiles); } +static int +setfiles_has_m_option (void) +{ + static int flag = -1; + CLEANUP_FREE char *err = NULL; + + if (flag == -1) { + ignore_value (command (NULL,...

...Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "guestfs_protocol.h" +#include "daemon.h" +#include "actions.h" + +GUESTFSD_EXT_CMD(str_setfiles, setfiles); + +#define MAX_ARGS 64 + +/* Takes optional arguments, consult optargs_bitmask. */ +int +do_setfiles (const char *specfile, const char *path, + int force) +{ + const char *argv[MAX_ARGS]; + CLEANUP_FREE char *s_dev = NULL, *s_proc = NULL, *s_selinux = NULL, + *s_sys = N...

...t;stdio.h> #include <stdlib.h> #include <string.h> +#include <sys/types.h> +#include <sys/stat.h> #ifdef HAVE_SELINUX_SELINUX_H #include <selinux/selinux.h> @@ -31,6 +33,8 @@ #include "actions.h" #include "optgroups.h" +GUESTFSD_EXT_CMD(str_setfiles, setfiles); + #if defined(HAVE_LIBSELINUX) int @@ -92,28 +96,188 @@ OPTGROUP_SELINUX_NOT_AVAILABLE #endif /* !HAVE_LIBSELINUX */ int -do_selinux_relabel (const char *root) +optgroup_selinuxtools_available (void) +{ + return prog_exists (str_setfiles); +} + +#define SELINUXTYPE "SELINU...

[ I realized that we were discussing adding this feature, in various private email, IRC, and this long bugzilla thread: https://bugzilla.redhat.com/show_bug.cgi?id=1060423 That's not how we should do things. Let's discuss it on the mailing list. ] One thing that virt-customize/virt-sysprep/virt-builder have to do is relabel SELinux guests. What we do at the moment

v1 -> v2: - Add simple test of the setfiles API. - Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel). - Small fixes. Rich.

..._with_error ("%s: %s", dir, err); return -1; diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c index fa80cec7a..5679a29cf 100644 --- a/daemon/selinux-relabel.c +++ b/daemon/selinux-relabel.c @@ -29,14 +29,12 @@ #include "ignore-value.h" -GUESTFSD_EXT_CMD(str_setfiles, setfiles); - #define MAX_ARGS 64 int optgroup_selinuxrelabel_available (void) { - return prog_exists (str_setfiles); + return prog_exists ("setfiles"); } static int @@ -46,7 +44,7 @@ setfiles_has_m_option (void) CLEANUP_FREE char *err = NULL; if (flag == -1) { - ig...

..._with_error ("%s: %s", dir, err); return -1; diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c index fa80cec7a..9e73659d7 100644 --- a/daemon/selinux-relabel.c +++ b/daemon/selinux-relabel.c @@ -29,14 +29,14 @@ #include "ignore-value.h" -GUESTFSD_EXT_CMD(str_setfiles, setfiles); +DECLARE_EXTERNAL_COMMANDS ("setfiles") #define MAX_ARGS 64 int optgroup_selinuxrelabel_available (void) { - return prog_exists (str_setfiles); + return prog_exists ("setfiles"); } static int @@ -46,7 +46,7 @@ setfiles_has_m_option (void) CLEANUP_FRE...

We can use the setfiles(8) command to relabel the guest filesystem, even though we don't have a policy loaded nor SELinux enabled in the appliance kernel. This also deprecates or removes the old and broken SELinux support. This patch isn't quite complete - I would like to add some tests to the new API. I'm posting here to garner early feedback. Rich.

This is a simpler patch that removes GUESTFSD_EXT_CMD completely.

Replace GUESTFSD_EXT_CMD with a command line option ‘./guestfsd --print-external-commands’