On Sat, May 24, 2014, at 10:39 AM, Colin Walters wrote:
> Dan Walsh helpfully pointed out to us that we've been doing it wrong
> all along :-) A much better way to relabel is to run:
>
> setfiles /etc/selinux/targeted/contexts/files/file_contexts DIR

Yes, this is what I'm doing with OSTree. However, in the general cross
labeling case it has a subtle issue with PCRE:

http://comments.gmane.org/gmane.comp.security.selinux/20214

There is of course always the potential issue for incompatible future
changes in the file_contexts format.

My current workaround is:

https://github.com/cgwalters/rpm-ostree/commit/0cb346b798aead0fd544e2c9ef...

FWIW I don't have an immediate major need for the relabeling API because
we use Anaconda which does initial labeling there. The remaining
use cases for libguestfs apps of debug/repair are still valid, but those aren't
critical path.