mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

builder: run/schedule a SELinux relabel if needed

Browse Source 
If the guest uses SELinux, then make sure to run a relabel (or at least
schedule one) after the image build: this way the template is
relabelled, or at least it will do that at the next boot, without the
need for the user to ask for a relabel.

This just covers the case of building a new image with no additional
operations on it though.
This commit is contained in:
Pino Toscano
2016-05-10 15:11:53 +02:00
parent 754b8f5ef3
commit ddcd9c2a10
13 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
builder/website/centos.sh
View File

@@ -96,4 +96,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

17
builder/website/compress.sh
View File

@@ -20,10 +20,25 @@
output=$1
relabel_args=()
if [ -n "$DO_RELABEL" ]; then
os_arch=$(uname -m)
guest_arch=$(virt-inspector -a "$output" | virt-inspector --xpath "string(/operatingsystems/operatingsystem/arch)")
if [ "$os_arch" = "$guest_arch" ] || [ "$os_arch" = "x86_64" -a "$guest_arch" = "i386" ]; then
# this is what --selinux-relabel should really do, but do it ourselves
# in the meanwhile -- see RHBZ#1089100.
relabel_args+=(--run-command "setfiles /etc/selinux/targeted/contexts/files/file_contexts /")
else
relabel_args+=(--selinux-relabel)
fi
fi
# Sysprep (removes logfiles and so on).
# Note this also touches /.autorelabel so the further installation
# changes that we make will be labelled properly at first boot.
virt-sysprep -a $output
virt-sysprep -a $output "${relabel_args[@]}"
# Sparsify.
mv $output $output.old

2
builder/website/fedora-aarch64.sh
View File

@@ -103,4 +103,6 @@ virt-install \
cp $vars $output-nvram
xz --best $output-nvram
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/fedora-armv7l.sh
View File

@@ -92,4 +92,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/fedora-i686.sh
View File

@@ -100,4 +100,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/fedora-ppc64.sh
View File

@@ -92,4 +92,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/fedora-ppc64le.sh
View File

@@ -92,4 +92,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/fedora.sh
View File

@@ -100,4 +100,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/rhel-aarch64.sh
View File

@@ -159,4 +159,6 @@ cp $vars $output-nvram
guestfish --rw -a $output -m $guestroot \
upload $yum /etc/yum.repos.d/download.devel.redhat.com.repo
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/rhel-ppc64.sh
View File

@@ -140,4 +140,6 @@ virt-install \
guestfish --rw -a $output -m $guestroot \
upload $yum /etc/yum.repos.d/download.devel.redhat.com.repo
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/rhel-ppc64le.sh
View File

@@ -140,4 +140,6 @@ virt-install \
guestfish --rw -a $output -m $guestroot \
upload $yum /etc/yum.repos.d/download.devel.redhat.com.repo
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/rhel.sh
View File

@@ -225,4 +225,6 @@ guestfish --rw -a $output -m $guestroot \
upload $yum /etc/yum.repos.d/download.devel.redhat.com.repo
fi
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output

2
builder/website/scientificlinux.sh
View File

@@ -86,4 +86,6 @@ virt-install \
--nographics \
--noreboot
DO_RELABEL=1
source $(dirname "$0")/compress.sh $output