The documentation currently says that the user should avoid passing
"--selinux-relabel" on the command line if the guest does not support
SELinux. However, the "is_selinux_guest" helper function in
"common/mlcustomize/SELinux_relabel.ml" already turns
"--selinux-relabel"
into a no-op if some key SELinux files are absent from the guest, so there
is no need to caution the user.
This change is relevant because the subsequent patches will turn on
"--selinux-relabel" by default, and therefore "is_selinux_guest" will
grow
in importance.
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1554735
Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2075718
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
generator/customize.ml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/generator/customize.ml b/generator/customize.ml
index 0b256e2d2351..3b3eec6d2370 100644
--- a/generator/customize.ml
+++ b/generator/customize.ml
@@ -575,7 +575,7 @@ This will attempt to relabel files immediately, but if the operation
fails
this will instead touch F</.autorelabel> on the image to schedule a
relabel operation for the next time the image boots.
-You should only use this option for guests which support SELinux.";
+This option is a no-op for guests that do not support SELinux.";
};
{ flag_name = "sm-credentials";
--
2.19.1.3.g30247aa5d201