almalinux/lorax
14
1
Fork 0
Code Issues Pull Requests Releases Activity

Remove setfiles from mkrootfsimage

Browse Source 
SELinux applies the correct labels, setfiles is no longer needed.
This allows lorax to run with SELinux in Enforcing mode.

(cherry picked from commit 8b11705ea0)
This commit is contained in:
Brian C. Lane 2018-11-13 11:25:12 -08:00
parent 080705e8e6
commit 4a4a415f88
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/pylorax/imgutils.py
View File

@ -112,19 +112,6 @@ def mkrootfsimg(rootdir, outfile, label, size=2, sysroot=""):
fssize = None # Let mkext4img figure out the needed size fssize = None # Let mkext4img figure out the needed size
mkext4img(rootdir, outfile, label=label, size=fssize) mkext4img(rootdir, outfile, label=label, size=fssize)
# Reset selinux context on new rootfs
with LoopDev(outfile) as loopdev:
with Mount(loopdev) as mnt:
cmd = [ "setfiles", "-e", "/proc", "-e", "/sys", "-e", "/dev",
"-e", "/install", "-e", "/ostree",
"/etc/selinux/targeted/contexts/files/file_contexts", "/"]
root = join(mnt, sysroot.lstrip("/"))
try:
runcmd(cmd, root=root)
except CalledProcessError as e:
logger.error("setfiles exited with a non-zero return code (%d) which may "
"be caused by running without SELinux in Permissive mode.", e.returncode)
raise
######## Utility functions ############################################### ######## Utility functions ###############################################