almalinux/lorax
13
0
Fork 0
Code Issues Pull Requests Releases Activity

Remove setfiles from mkrootfsimage

Browse Source 
SELinux applies the correct labels, setfiles is no longer needed.
This allows lorax to run with SELinux in Enforcing mode.

Related: rhbz#1645189
This commit is contained in:
Brian C. Lane 2018-11-13 11:25:12 -08:00
parent 14fb4a9156
commit 22061ed4ab
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/pylorax/imgutils.py
View File

@ -112,19 +112,6 @@ def mkrootfsimg(rootdir, outfile, label, size=2, sysroot=""):
fssize = None # Let mkext4img figure out the needed size fssize = None # Let mkext4img figure out the needed size
mkext4img(rootdir, outfile, label=label, size=fssize) mkext4img(rootdir, outfile, label=label, size=fssize)
# Reset selinux context on new rootfs
with LoopDev(outfile) as loopdev:
with Mount(loopdev) as mnt:
cmd = [ "setfiles", "-e", "/proc", "-e", "/sys", "-e", "/dev",
"-e", "/install", "-e", "/ostree",
"/etc/selinux/targeted/contexts/files/file_contexts", "/"]
root = join(mnt, sysroot.lstrip("/"))
try:
runcmd(cmd, root=root)
except CalledProcessError as e:
logger.error("setfiles exited with a non-zero return code (%d) which may "
"be caused by running without SELinux in Permissive mode.", e.returncode)
raise
######## Utility functions ############################################### ######## Utility functions ###############################################