similar to: [PATCH] customize: avoid Array.mem for now

libselinux defaults to "targeted" when no SELINUXTYPE is specified in /etc/config/selinux. Hence do the same here, instead of failing because of the missing key. Add a slow test for checking SELinux relabeling on a Fedora 27 guest, both with no changes, and with a modified configuration. --- customize/Makefile.am | 2 ++ customize/SELinux_relabel.ml | 14 ++++++++++--

Continuation/rework of: https://www.redhat.com/archives/libguestfs/2020-May/msg00020.html This is my approach, as I explained here: https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c4 https://www.redhat.com/archives/libguestfs/2020-May/msg00035.html IOW: do not attempt to relabel if the guest is not enforcing, as it is either useless or may fail; few words more are in the comments of patch #3.

This shouldn't change the effect of this code. --- mlcustomize/SELinux_relabel.ml | 121 ++++++++++++++++++--------------- 1 file changed, 65 insertions(+), 56 deletions(-) diff --git a/mlcustomize/SELinux_relabel.ml b/mlcustomize/SELinux_relabel.ml index 44995df..5df1f08 100644 --- a/mlcustomize/SELinux_relabel.ml +++ b/mlcustomize/SELinux_relabel.ml @@ -28,65 +28,74 @@ module G = Guestfs

On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >

Do not attempt to relabel a guest in case its SELinux enforcing mode is not "enforcing", as it is either pointless, or it may fail because of an invalid policy configured. --- mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/mlcustomize/SELinux_relabel.ml b/mlcustomize/SELinux_relabel.ml index 647aeda..db00e59

On Thursday, 24 September 2020 12:15:29 CEST Richard W.M. Jones wrote: > On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > > Do not attempt to relabel a guest in case its SELinux enforcing mode is > > not "enforcing", as it is either pointless, or it may fail because of an > > invalid policy configured. > > --- > >

Instead of just documenting this bug, fix it in the file_contexts file. Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. --- customize/SELinux_relabel.ml | 19 +++++++++++++++++++ v2v/virt-v2v.pod | 11 ----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml index fa9603c..69a4779 100644 ---

Hello, Richard. > -----Original Message----- > From: Richard W.M. Jones [mailto:rjones@redhat.com] > Sent: Monday, March 5, 2018 8:42 PM > To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru> > Cc: libguestfs@redhat.com > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... > Multiple same specifications for /.*. > > On Mon, Mar 05, 2018 at

Rewrite the relabel API to read the policy configured in the guest, invoking setfiles (added as part of the appliance, as part of policycoreutils) to relabel the specified root. In case of failure at any point of the process, a touch of .autorelabel in the root is tried as last-attempt measure to do the relabel. Considering that running SELinux tools in the appliance might be affected by the

Hi Rich, I tried to implement the logging feature, but I can't though compiling with this patch now, could you please give me some comments? The error message is below, --- ocamlfind ocamlopt -g -warn-error CDEFLMPSUVYZX -package unix -I ../src/.libs -I ../ocaml -c sysprep_operation.ml -o sysprep_operation.cmx File "sysprep_operation.ml", line 1, characters 0-1: Error: The

Hi Rich, On Wed, November 16, 2016 1:34 pm, Richard W.M. Jones wrote: > On Wed, Nov 16, 2016 at 11:31:40AM -0500, Derek Atkins wrote: >> > Running `virt-v2v -v -x ...' and observing the output will give you a >> > good idea of what precisely it was doing for those hours. >> >> Well, as I said in my original email, it was hanging at running >> setfiles:

Hi, I've got a core dump during initialisation when I use 1.0.rc12 and LDAP with authenticated binds in Solaris. It worked OK in 1.0.rc10. Here's the non-commented entries in dovecot-ldap.conf - some of which are probably redundant :) :- hosts = xxx.yyy.rdg.ac.uk auth_bind = yes auth_bind_userdn = "cn=%n,cn=users,dc=xxx,dc=yyy,dc=rdg,dc=ac,dc=uk" ldap_version = 3 base =

Add an architecture field for all the entries in each index, so we know which architecture they are (not used right now, but will be in the future). The problematic part here is properly marking with the correct architecture: since we only know the current index on libguestfs.org contains x86_64/amd64 images, entries coming from it are marked that way; images in all the other indexes

My experimentation with a Perl-based compiler for Shorewall is beginning to bear fruit. Here is a timing from the main firewall at shorewall.net using the Perl-based compiler. That compiler generates a script that uses iptables-restore to configure Netfilter. root@lists:~/shorewall# shorewall restart . Compiling... Shorewall configuration compiled to /var/lib/shorewall/.restart Restarting

[This email is either empty or too large to be displayed at this time]

On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote: > > I'm copying a file into a VM using virt-copy-in - which is great, but the > > file is wrongly labeled. > > How can I fix that? > > Hi Yaniv, > > The easiest thing is to run this after doing the virt-copy-in:

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

This implements the --selinux-relabel option for virt-customize, virt-builder and virt-sysprep. There is no need to autorelabel functionality now. Thanks: Stephen Smalley --- builder/Makefile.am | 1 + builder/virt-builder.pod | 20 +++++++++---------- customize/Makefile.am | 2 ++ customize/SELinux_relabel.ml | 46 +++++++++++++++++++++++++++++++++++++++++++

Instead of just documenting this bug, fix it in the file_contexts file. Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. --- customize/SELinux_relabel.ml | 20 ++++++++++++++++++++ v2v/virt-v2v.pod | 11 ----------- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml index fa9603c..d3b9325 100644 ---