[Libguestfs] [PATCH] daemon: selinux: Add setfiles -m option to suppress extra excludes (RHBZ#1433577).

--- daemon/selinux-relabel.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/daemon/selinux-relabel.c b/daemon/selinux-relabel.c index 112bee1..2f48ee6 100644 --- a/daemon/selinux-relabel.c +++ b/daemon/selinux-relabel.c @@ -27,6 +27,8 @@ #include "actions.h" #include "optgroups.h" +#include "ignore-value.h" + GUESTFSD_EXT_CMD(str_setfiles, setfiles); #define MAX_ARGS 64 @@ -37,6 +39,20 @@ optgroup_selinuxrelabel_available (void) return prog_exists (str_setfiles); } +static int +setfiles_has_m_option (void) +{ + static int flag = -1; + CLEANUP_FREE char *err = NULL; + + if (flag == -1) { + ignore_value (command (NULL, &err, str_setfiles, "-m", NULL)); + flag = err && strstr (err, /* "invalid option -- " */ "'m'") == NULL; + } + + return flag; +} + /* Takes optional arguments, consult optargs_bitmask. */ int do_selinux_relabel (const char *specfile, const char *path, @@ -83,6 +99,13 @@ do_selinux_relabel (const char *specfile, const char *path, ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_selinux); ADD_ARG (argv, i, "-e"); ADD_ARG (argv, i, s_sys); + /* You have to use the -m option (where available) otherwise + * setfiles puts all the mountpoints on the excludes list for no + * useful reason (RHBZ#1433577). + */ + if (setfiles_has_m_option ()) + ADD_ARG (argv, i, "-m"); + /* Relabelling in a chroot. */ if (STRNEQ (sysroot, "/")) { ADD_ARG (argv, i, "-r"); -- 2.10.2