2020 Sep 23
6
[common PATCH 0/3] SELinux_relabel: relabel only if enforcing (RHBZ#1828952)
Continuation/rework of:
https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html
This is my approach, as I explained here:
https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4
https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html
IOW: do not attempt to relabel if the guest is not enforcing, as relabeling
is then either useless or may fail; a few more words are in the comments of
patch #3.
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...cing
> +(* Interal exception to signal a non-enforcing SELinux. *)
> +
> (* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *)
> let array_find a l =
> List.mem a (Array.to_list l)
> @@ -35,12 +38,18 @@ let rec relabel (g : G.guestfs) =
> use_setfiles g;
> (* That worked, so we don't need to autorelabel. *)
> g#rm_f "/.autorelabel"
> - with Failure _ ->
> + with
> + | Failure _ ->
> (* This is the fallback in case something in the setfiles
> * method didn't work....
2020 Sep 23
0
[common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...stfs
+exception SELinux_not_enforcing
+(* Interal exception to signal a non-enforcing SELinux. *)
+
(* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *)
let array_find a l =
List.mem a (Array.to_list l)
@@ -35,12 +38,18 @@ let rec relabel (g : G.guestfs) =
use_setfiles g;
(* That worked, so we don't need to autorelabel. *)
g#rm_f "/.autorelabel"
- with Failure _ ->
+ with
+ | Failure _ ->
(* This is the fallback in case something in the setfiles
* method didn't work. That includes the case where a non...
2020 May 05
3
[PATCH libguestfs-common 1/2] mlcustomize: Refactor SELinux_relabel code.
...e SELinux policy name, eg. "targeted", "minimum".
- * Use "targeted" if not specified, just like libselinux does.
+let rec relabel (g : G.guestfs) =
+ (* Is the guest using SELinux? (Otherwise this is a no-op). *)
+ if is_selinux_guest g then (
+ try
+ use_setfiles g;
+ (* That worked, so we don't need to autorelabel. *)
+ g#rm_f "/.autorelabel"
+ with Failure _ ->
+ (* This is the fallback in case something in the setfiles
+ * method didn't work. That includes the case where a non-SELinux
+ * host is proces...
2020 Sep 24
0
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...n to signal a non-enforcing SELinux. *)
> > +
> > (* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *)
> > let array_find a l =
> > List.mem a (Array.to_list l)
> > @@ -35,12 +38,18 @@ let rec relabel (g : G.guestfs) =
> > use_setfiles g;
> > (* That worked, so we don't need to autorelabel. *)
> > g#rm_f "/.autorelabel"
> > - with Failure _ ->
> > + with
> > + | Failure _ ->
> > (* This is the fallback in case something in the setfiles
> >...
2020 May 05
0
[PATCH libguestfs-common 2/2] mlcustomize: Fall back to autorelabel if specfile does not exist (RHBZ#1828952).
...to achieve it.
---
mlcustomize/SELinux_relabel.ml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/mlcustomize/SELinux_relabel.ml b/mlcustomize/SELinux_relabel.ml
index 5df1f08..5ecf7bd 100644
--- a/mlcustomize/SELinux_relabel.ml
+++ b/mlcustomize/SELinux_relabel.ml
@@ -77,6 +77,12 @@ and use_setfiles g =
let specfile =
sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in
+ (* If the spec file doesn't exist then fall back to using
+ * autorelabel (RHBZ#1828952).
+ *)
+ if not (g#is_file ~followsymlinks:true specfile) then
+ failwith "no spec file...