Description of problem: If a guest OS supports SELinux you should default the guestfish to --selinux and load the policy. Otherwise files created by guestfish will have no labels and cause SELinux headaches when the machine boots. You can either parse /etc/selinux/config looking for the SELINUX= lines to determine whether selinux is enabled or use the libselinux function. extern int selinux_init_load_policy(int *enforce);
I discussed several features with Dan Walsh which make sense to implement to make SELinux handling more robust in virt-v2v and libguestfs in general. They are: (1) virt-inspector should find out if the guest OS supports selinux, and the default enablement state. (2) virt-inspector to support the --selinux flag based on above. (3) replace sh load_policy advice in http://libguestfs.org/guestfs.3.html#selinux with a direct call to selinux_init_load_policy (4) add an API to get the security context from selinux_failsafe_context_path
Fixed upstream by: https://github.com/libguestfs/libguestfs/commit/9d205f1c284a69390907120ca44f5c723fecc244 https://github.com/libguestfs/libguestfs/commit/6ec75f8cfe455493b46f1a3a5a00282359e588a5 https://github.com/libguestfs/libguestfs/commit/f3c69fe60bc29ebfcef0ea9d86d407e1a88686b0 https://github.com/libguestfs/libguestfs/commit/b6e92b1100b4ca462a35549bd36322f0510739bc https://github.com/libguestfs/libguestfs/commit/35bac3a6501354e4a3805877d950e741429f169b https://github.com/libguestfs/libguestfs/commit/fc114904848559e02d8f4e4a8bfb57277c349f0f