From e30ac34f0b50a23ec0f5b3aa1d4075950a0668d6 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 10 May 2022 12:27:56 +0200 Subject: [PATCH] generator/customize: document that "--selinux-relabel" checks for SELinux The documentation currently says that the user should avoid passing "--selinux-relabel" on the command line if the guest does not support SELinux. However, the "is_selinux_guest" helper function in "common/mlcustomize/SELinux_relabel.ml" already turns "--selinux-relabel" into a no-op if some key SELinux files are absent from the guest, so there is no need to caution the user. This change is relevant because the subsequent patches will turn on "--selinux-relabel" by default, and therefore "is_selinux_guest" will grow in importance. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718 Signed-off-by: Laszlo Ersek Message-Id: <20220510102757.14466-2-lersek@redhat.com> Acked-by: Richard W.M. Jones (cherry picked from commit 8541db057c333f633d40e283304eeb22c6d7785c) --- generator/customize.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generator/customize.ml b/generator/customize.ml index 0b256e2d2..3b3eec6d2 100644 --- a/generator/customize.ml +++ b/generator/customize.ml @@ -575,7 +575,7 @@ This will attempt to relabel files immediately, but if the operation fails this will instead touch F on the image to schedule a relabel operation for the next time the image boots. -You should only use this option for guests which support SELinux."; +This option is a no-op for guests that do not support SELinux."; }; { flag_name = "sm-credentials";