On Sun, Dec 24, 2017 at 4:20 PM, Richard W.M. Jones <rjones@redhat.com> wrote:
On Sun, Dec 24, 2017 at 03:59:33PM +0200, Yaniv Kaul wrote:
> On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones@redhat.com>
> wrote:
>
> > On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote:
> > > I'm copying a file into a VM using virt-copy-in - which is great, but the
> > > file is wrongly labeled.
> > > How can I fix that?
> >
> > Hi Yaniv,
> >
> > The easiest thing is to run this after doing the virt-copy-in:
> >
> >   virt-customize -a disk.img --selinux-relabel
> >
> > which will run this code:
> >
> >   https://github.com/libguestfs/libguestfs/blob/master/
> > customize/SELinux_relabel.ml#L27
> >
> > That requires an extra launch of the appliance, so if you were very
> > concerned about doing this most efficiently then you could do
> > something like this instead:
> >
> >   guestfish -a disk.img -i <<EOF
> >     copy-in files [...] /target/dir
> >     selinux-relabel /etc/selinux/targeted/contexts/files/file_contexts / force:true

In case it's not clear, this parameter                                    ^^^
controls the scope of the relabelling, so you can relabel parts of the
filesystem if you want to.  It's basically a wrapper around
‘setfiles’:

https://github.com/libguestfs/libguestfs/blob/dab065a8eed6c6d8d9c53956393566812cfe6a2e/daemon/selinux-relabel.c#L87

Rich.

Thanks, I think I'm all good - seems to be working nice[1].

I think a great future feature of guestfish would be to run Ansible-based modules/roles against the VM.
All is needed is an IP, inject SSH credentials. Anything else?
Y.

[1] https://gerrit.ovirt.org/#/c/85715/1/src/ansible/create_target_vm.yml 

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW