Having SELinux enabled (even if not enforcing) in the appliance causes
trouble for applications/libraries that read/write SELinux attributes.
---
builder/builder.ml | 6 +++++-
customize/customize_main.ml | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/builder/builder.ml b/builder/builder.ml
index a407924..5195cfd 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -633,7 +633,11 @@ let main () =
(match smp with None -> () | Some smp -> g#set_smp smp);
g#set_network network;
- g#set_selinux ops.flags.selinux_relabel;
+ (* Make sure to turn SELinux off to avoid awkward interactions
+ * between the appliance kernel and applications/libraries interacting
+ * with SELinux xattrs.
+ *)
+ g#set_selinux false;
(* The output disk is being created, so use cache=unsafe here. *)
g#add_drive_opts ~format:output_format ~cachemode:"unsafe"
output_filename;
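Review bot: After this change `ops.flags.selinux_relabel` is no longer read at this point in `main`, so nothing in the hunk shows how a requested relabel is still carried out now that the appliance always runs with SELinux off; the same applies to the identical hunk in customize/customize_main.ml. If the relabel step elsewhere expects a policy to be loaded in the appliance, it would presumably fail or defer to a first-boot relabel, leaving files written during customization mislabelled until then; this should be confirmed and stated. I would extend the new comment with a line such as `* Relabelling requested by ops.flags.selinux_relabel is done separately and must not rely on SELinux being loaded here.` The body of `main` starts and ends outside the hunk.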
diff --git a/customize/customize_main.ml b/customize/customize_main.ml
index 6e0ba2d..2c8b2ef 100644
--- a/customize/customize_main.ml
+++ b/customize/customize_main.ml
@@ -208,7 +208,11 @@ read the man page virt-customize(1).
(match memsize with None -> () | Some memsize -> g#set_memsize memsize);
(match smp with None -> () | Some smp -> g#set_smp smp);
g#set_network network;
- g#set_selinux ops.flags.selinux_relabel;
+ (* Make sure to turn SELinux off to avoid awkward interactions
+ * between the appliance kernel and applications/libraries interacting
+ * with SELinux xattrs.
+ *)
+ g#set_selinux false;
(* Add disks. *)
add g dryrun;
--
1.9.3