Remove setfiles from mkrootfsimage

SELinux applies the correct labels, setfiles is no longer needed. This allows lorax to run with SELinux in Enforcing mode.
2018-11-13 11:25:12 -08:00 · 2018-11-13 11:25:12 -08:00 · 8b11705ea0
parent 9ea1f4c09d
commit 8b11705ea0
1 changed files with 0 additions and 13 deletions
--- a/src/pylorax/imgutils.py
+++ b/src/pylorax/imgutils.py
@ -112,19 +112,6 @@ def mkrootfsimg(rootdir, outfile, label, size=2, sysroot=""):
        fssize = None       # Let mkext4img figure out the needed size

    mkext4img(rootdir, outfile, label=label, size=fssize)
-    # Reset selinux context on new rootfs
-    with LoopDev(outfile) as loopdev:
-        with Mount(loopdev) as mnt:
-            cmd = [ "setfiles", "-e", "/proc", "-e", "/sys", "-e", "/dev",
-                    "-e", "/install", "-e", "/ostree",
-                    "/etc/selinux/targeted/contexts/files/file_contexts", "/"]
-            root = join(mnt, sysroot.lstrip("/"))
-            try:
-                runcmd(cmd, root=root)
-            except CalledProcessError as e:
-                logger.error("setfiles exited with a non-zero return code (%d) which may "
-                             "be caused by running without SELinux in Permissive mode.", e.returncode)
-                raise


 ######## Utility functions ###############################################