Displaying 6 results from an estimated 6 matches for "use_setfiles".

2020 Sep 23
6
[common PATCH 0/3] SELinux_relabel: relabel only if enforcing (RHBZ#1828952)
Continuation/rework of: https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html This is my approach, as I explained here: https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4 https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html IOW: do not attempt to relabel if the guest is not enforcing, as it is either useless or may fail; a few more words are in the comments of patch #3.
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...cing > +(* Interal exception to signal a non-enforcing SELinux. *) > + > (* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *) > let array_find a l = > List.mem a (Array.to_list l) > @@ -35,12 +38,18 @@ let rec relabel (g : G.guestfs) = > use_setfiles g; > (* That worked, so we don't need to autorelabel. *) > g#rm_f "/.autorelabel" > - with Failure _ -> > + with > + | Failure _ -> > (* This is the fallback in case something in the setfiles > * method didn't work....
2020 Sep 23
0
[common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...stfs +exception SELinux_not_enforcing +(* Interal exception to signal a non-enforcing SELinux. *) + (* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *) let array_find a l = List.mem a (Array.to_list l) @@ -35,12 +38,18 @@ let rec relabel (g : G.guestfs) = use_setfiles g; (* That worked, so we don't need to autorelabel. *) g#rm_f "/.autorelabel" - with Failure _ -> + with + | Failure _ -> (* This is the fallback in case something in the setfiles * method didn't work. That includes the case where a non...
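Review bot: the comment added under `exception SELinux_not_enforcing` reads "Interal exception"; it should be "Internal exception". In the same hunk, the reworked handler in `relabel` keeps `| Failure _ ->`, which still throws away the failure message; binding it (`| Failure msg ->`) and logging it before the fallback would leave a record of why the setfiles path was abandoned.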
2020 May 05
3
[PATCH libguestfs-common 1/2] mlcustomize: Refactor SELinux_relabel code.
...e SELinux policy name, eg. "targeted", "minimum". - * Use "targeted" if not specified, just like libselinux does. +let rec relabel (g : G.guestfs) = + (* Is the guest using SELinux? (Otherwise this is a no-op). *) + if is_selinux_guest g then ( + try + use_setfiles g; + (* That worked, so we don't need to autorelabel. *) + g#rm_f "/.autorelabel" + with Failure _ -> + (* This is the fallback in case something in the setfiles + * method didn't work. That includes the case where a non-SELinux + * host is proces...
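Review bot: in `relabel`, the handler `with Failure _ ->` discards the failure message, so any error raised under `use_setfiles g` becomes the autorelabel fallback with nothing recorded about the cause. Bind the message (`with Failure msg ->`) and emit it as a warning or debug line before falling back, so a genuine setfiles failure can be told apart from the expected non-SELinux-host case the comment mentions.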
2020 Sep 24
0
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...n to signal a non-enforcing SELinux. *) > > + > > (* Simple reimplementation of Array.mem, available only with OCaml >= 4.03. *) > > let array_find a l = > > List.mem a (Array.to_list l) > > @@ -35,12 +38,18 @@ let rec relabel (g : G.guestfs) = > > use_setfiles g; > > (* That worked, so we don't need to autorelabel. *) > > g#rm_f "/.autorelabel" > > - with Failure _ -> > > + with > > + | Failure _ -> > > (* This is the fallback in case something in the setfiles > >...
2020 May 05
0
[PATCH libguestfs-common 2/2] mlcustomize: Fall back to autorelabel if specfile does not exist (RHBZ#1828952).
...to achieve it. --- mlcustomize/SELinux_relabel.ml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mlcustomize/SELinux_relabel.ml b/mlcustomize/SELinux_relabel.ml index 5df1f08..5ecf7bd 100644 --- a/mlcustomize/SELinux_relabel.ml +++ b/mlcustomize/SELinux_relabel.ml @@ -77,6 +77,12 @@ and use_setfiles g = let specfile = sprintf "/etc/selinux/%s/contexts/files/file_contexts" policy in + (* If the spec file doesn't exist then fall back to using + * autorelabel (RHBZ#1828952). + *) + if not (g#is_file ~followsymlinks:true specfile) then + failwith "no spec file...
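Review bot: the comment added in `use_setfiles` says the code falls back to autorelabel, but the added lines only raise with `failwith` when `g#is_file ~followsymlinks:true specfile` is false; the fallback itself happens wherever the caller handles `Failure`. Reword the comment to say that raising here triggers the caller's fallback, so the control flow is clear from this function alone.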