From 16043bb219a5fb4e121550513779af074f2ce0ca Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 10 May 2022 12:27:57 +0200 Subject: [PATCH] generator/customize: invert SELinux relabeling default Replace the "--selinux-relabel" option with "--no-selinux-relabel", inverting the default behavior (for guests with SELinux support, that is -- relabeling is always skipped for guests that don't support SELinux.) Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718 Signed-off-by: Laszlo Ersek Message-Id: <20220510102757.14466-3-lersek@redhat.com> Acked-by: Richard W.M. Jones (cherry picked from commit 2f6a27f1077d32d1ab526427052fc88e188356f7) --- generator/customize.ml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/generator/customize.ml b/generator/customize.ml index 3b3eec6d2..9634dad85 100644 --- a/generator/customize.ml +++ b/generator/customize.ml @@ -564,18 +564,21 @@ to modify C (Fedora, RHEL) or C (Debian, Ubuntu)."; }; - { flag_name = "selinux-relabel"; + { flag_name = "no-selinux-relabel"; flag_type = FlagBool false (* XXX - the default in virt-builder *); - flag_ml_var = "selinux_relabel"; - flag_shortdesc = "Relabel files with correct SELinux labels"; + flag_ml_var = "no_selinux_relabel"; + flag_shortdesc = "Do not relabel files with correct SELinux labels"; flag_pod_longdesc = "\ -Relabel files in the guest so that they have the correct SELinux label. +Do not attempt to correct the SELinux labels of files in the guest. -This will attempt to relabel files immediately, but if the operation fails -this will instead touch F on the image to schedule a -relabel operation for the next time the image boots. +In such guests that support SELinux, customization automatically +relabels files so that they have the correct SELinux label. (The +relabeling is performed immediately, but if the operation fails, +customization will instead touch F on the image to +schedule a relabel operation for the next time the image boots.) This +option disables the automatic relabeling. -This option is a no-op for guests that do not support SELinux."; +The option is a no-op for guests that do not support SELinux."; }; { flag_name = "sm-credentials"; -- 2.31.1