[Libguestfs] virt-builder & virt-sysprep: Avoiding SELinux relabelling
On Tue, 21 Jan 2014, Richard W.M. Jones wrote:
A common problem that people have with virt-builder and virt-sysprep
is which guests that use SELinux, like Fedora and RHEL. In both cases
we touch /.autorelabel in the guest, which means the guest has to
reboot once during its first boot.
... snip much analysis ...
(4) It can touch '/.autorelabel' which causes an SELinux
enabled guest
to do a full filesystem relabel at first boot (followed by a
reboot).
The initscripts have taken to toind a reboot at the end of the
cleanup in the:
/.autorelabel
but formerly did not. It is unclear to me that this is
required
Perhaps the build process can omit step 4 and the:
touch /.autorelabel
with this additional option in that enumeration of choices
(5) it can do an additional step at very end of the post
install:
restorecon -R /
untested
-- Russ herrold