Bug 554829

Summary: SELinux handling could be done better.
Product: [Community] Virtualization Tools Reporter: Daniel Walsh <dwalsh>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: mbooth, ptoscano, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-14 14:47:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1089100    
Bug Blocks:    

Description Daniel Walsh 2010-01-12 18:55:07 UTC 
Description of problem:

If a guest OS supports SELinux you should default the guestfish to --selinux and load the policy.  Otherwise files created by guestfish will have no labels and cause SELinux headaches when the machine boots.

You can either parse /etc/selinux/config looking for the SELINUX= lines to determine whether selinux is enabled or use the libselinux function.

extern int selinux_init_load_policy(int *enforce);
Comment 1 Richard W.M. Jones 2010-01-12 19:03:23 UTC 
I discussed several features with Dan Walsh which make sense to
implement to make SELinux handling more robust in virt-v2v and
libguestfs in general.  They are:

(1) virt-inspector should find out if the guest OS supports selinux,
and the default enablement state.

(2) virt-inspector to support the --selinux flag based on above.

(3) replace sh load_policy advice in
http://libguestfs.org/guestfs.3.html#selinux with a direct call to
selinux_init_load_policy

(4) add an API to get the security context from
selinux_failsafe_context_path
Comment 2 Richard W.M. Jones 2016-07-14 14:47:13 UTC 
Fixed upstream by:
https://github.com/libguestfs/libguestfs/commit/9d205f1c284a69390907120ca44f5c723fecc244
https://github.com/libguestfs/libguestfs/commit/6ec75f8cfe455493b46f1a3a5a00282359e588a5
https://github.com/libguestfs/libguestfs/commit/f3c69fe60bc29ebfcef0ea9d86d407e1a88686b0
https://github.com/libguestfs/libguestfs/commit/b6e92b1100b4ca462a35549bd36322f0510739bc
https://github.com/libguestfs/libguestfs/commit/35bac3a6501354e4a3805877d950e741429f169b
https://github.com/libguestfs/libguestfs/commit/fc114904848559e02d8f4e4a8bfb57277c349f0f