Move the current logic of the SELinux relabel to a new daemon function,
so
a) within the daemon it is much easier to do changes without having
files touched or moved as side effects of other daemon calls
b) clients can just call this new API and be done with it, with no need
to think by themselves about what to do to proper do the relabel
c) the logic can be updated anytime at once within libguestfs
---
customize/customize_run.ml | 10 +---------
daemon/selinux.c | 27 +++++++++++++++++++++++++++
generator/actions.ml | 12 ++++++++++++
src/MAX_PROC_NR | 2 +-
4 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/customize/customize_run.ml b/customize/customize_run.ml
index 4d83e90..2650e19 100644
--- a/customize/customize_run.ml
+++ b/customize/customize_run.ml
@@ -300,15 +300,7 @@ exec >>%s 2>&1
if ops.flags.selinux_relabel then (
msg (f_"SELinux relabelling");
- let cmd = sprintf "
- if load_policy && fixfiles restore; then
- rm -f /.autorelabel
- else
- touch /.autorelabel
- echo '%s: SELinux relabelling failed, will relabel at boot instead.'
- fi
- " prog in
- do_run ~display:"load_policy && fixfiles restore" cmd
+ g#selinux_relabel "/"
);
(* Clean up the log file:
diff --git a/daemon/selinux.c b/daemon/selinux.c
index 1c1446d..d0a3832 100644
--- a/daemon/selinux.c
+++ b/daemon/selinux.c
@@ -90,3 +90,30 @@ do_getcon (void)
OPTGROUP_SELINUX_NOT_AVAILABLE
#endif /* !HAVE_LIBSELINUX */
+
+int
+do_selinux_relabel (const char *root)
+{
+ CLEANUP_FREE char *cmd = NULL, *out = NULL;
+ const char cmd_fmt[] =
+ "if load_policy && fixfiles restore; then\n"
+ " rm -f %.*s/.autorelabel\n"
+ "else\n"
+ " touch %.*s/.autorelabel\n"
+ " echo 'SELinux relabelling failed, will relabel at boot
instead.'\n"
+ "fi\n";
+ int len = strlen (root);
+
+ if (root[len - 1] == '/')
+ --len;
+
+ if (asprintf (&cmd, cmd_fmt, len, root, len, root) == -1) {
+ reply_with_perror ("asprintf");
+ return -1;
+ }
+
+ out = do_sh (cmd);
+ if (verbose)
+ fprintf (stderr, "%s\n", out);
+ return out == NULL ? -1 : 0;
+}
diff --git a/generator/actions.ml b/generator/actions.ml
index ed65c6e..a59fe31 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -11924,6 +11924,18 @@ New (SVR4) portable format with a checksum.
=back" };
+ { defaults with
+ name = "selinux_relabel";
+ style = RErr, [Pathname "root"], [];
+ proc_nr = Some 420;
+ shortdesc = "do the SELinux relabel of the files";
+ longdesc = "\
+This does a relabel of the files of the system under the specified
+C<root> according to the SELinux policy in the system mounted in that
+C<root>.
+
+See the documentation about SELINUX in L<guestfs(3)>." };
+
]
(* Non-API meta-commands available only in guestfish.
diff --git a/src/MAX_PROC_NR b/src/MAX_PROC_NR
index 7b53aa0..816d01b 100644
--- a/src/MAX_PROC_NR
+++ b/src/MAX_PROC_NR
@@ -1 +1 @@
-419
+420
--
1.9.3