On Tue, Jan 21, 2014 at 12:01:45PM -0500, R P Herrold wrote:
> (5) it can do an additional step at very end of the post
> install:
>
>   restorecon -R /

This doesn't work on its own.  I suspect this would work:

  load_policy && restorecon -R /

except it gives an error for me:

  SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version.
  SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory
  load_policy: Can't load policy: No such file or directory

This could be because the kernel of the libguestfs appliance doesn't
match the kernel of the guest.

(Also I patched my copy of virt-builder to add a call to g#set_selinux true).

By the way, it's not clear to me that using load_policy is safe in all
cases.  In virt-builder it would be fine (if it worked), because you
should trust the templates.  In general, loading an untrusted guest
policy into the appliance kernel may not be a great idea.

Rich.

--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
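
One way to test the kernel-mismatch suspicion in the message above, as an added example that is not part of the original mail or of libguestfs: compare the policy.N files a guest ships with the highest policy version the running kernel accepts. The function names are hypothetical, selinuxfs is assumed to be mounted at /sys/fs/selinux, the policy directory is the one named in the error output, and no libsepol downgrade is attempted.

```shell
#!/bin/sh
# Added example (constructed): does a guest ship a binary policy that the
# running kernel can load without a downgrade?

# Print the numeric suffixes of the policy.N files in DIR, highest first.
policy_file_versions() {
    dir=$1
    for f in "$dir"/policy.*; do
        [ -f "$f" ] || continue
        v=${f##*.}
        case $v in
            ''|*[!0-9]*) continue ;;   # ignore non-numeric suffixes
        esac
        echo "$v"
    done | sort -rn
}

# Print the newest policy version in DIR that is <= KERNEL_MAX.
# Returns 1 when every policy file is newer than the kernel accepts.
loadable_policy_version() {
    dir=$1 kernel_max=$2
    for v in $(policy_file_versions "$dir"); do
        if [ "$v" -le "$kernel_max" ]; then
            echo "$v"
            return 0
        fi
    done
    return 1
}

# Check a mounted guest root. KERNEL_MAX defaults to the running kernel's
# value (assumption: selinuxfs is mounted at /sys/fs/selinux).
check_guest_policy() {
    root=$1
    kernel_max=${2:-$(cat /sys/fs/selinux/policyvers 2>/dev/null || true)}
    if [ -z "$kernel_max" ]; then
        echo "cannot read kernel policy version (selinuxfs not mounted?)" >&2
        return 2
    fi
    dir=$root/etc/selinux/targeted/policy
    if v=$(loadable_policy_version "$dir" "$kernel_max"); then
        echo "policy.$v is loadable (kernel max $kernel_max)"
    else
        echo "no policy file <= $kernel_max in $dir" >&2
        return 1
    fi
}
```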