On Tuesday 27 May 2014 14:25:08 Richard W.M. Jones wrote:
> So I think an API which looks like this ...
>
> required params:
>
>   None
>
> optional params:
>
>   path =>
>     Either a directory to be relabelled recursively, or a single
>     file (defaults to "/").
>
>   root =>
>     Inspection root of guest. Optional, only makes sense when
>     'contexts' param is *omitted*.
>
>   contexts =>
>     The `file_contexts' file. Defaults to
>     /etc/selinux/$selinux_type/contexts/files/file_contexts
>
>     OSTree would probably want to pass:
>
>     /ostree/deploy/$osname/deploy/$checksum/etc/selinux/targeted/contexts/files/file_contexts
>
> Inspection could be updated to parse /etc/selinux/config in order to
> get the default SELinux policy and pass it back through an API such as
> `inspect-get-selinux-type'.
>
> If 'contexts' is omitted, 'root' must be supplied, and it causes an
> internal call to guestfs_inspect_get_selinux_type (g, root) in order
> to get the default policy.

Note that not specifying a root could lead to issues, as the file contexts are relative to a root. So if I say to relabel the path /guestmountpoint/etc/myconfig according to some /path/of/file_contexts without specifying what is the root, how should setfiles know that path is /etc/myconfig mounted at /guestmountpoint?

At this point I'm thinking the best option would be making the root a normal (mandatory) argument, leaving path and contexts as optional (with the former being "/" as default value, and the latter as "find it from the root"). In the situation above, path would become a relative path to the specified root (so if I mount a guest into /guest and I want to relabel it only under /etc, I would pass root=/guest and path=/etc).

-- 
Pino Toscano
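
The argument resolution proposed in this message (mandatory root, path relative to it, contexts found from the root), as an added example that is not part of the original message and is not libguestfs code. The function names `selinux_type`, `relabel_argv` and `demo` are hypothetical, the guest tree is constructed sample data, and the sketch assumes the relabel is done with `setfiles -r <root>`; it only builds the command line and also rejects a path that would leave the root.

```python
import os
import tempfile


def selinux_type(root):
    """Read SELINUXTYPE from <root>/etc/selinux/config."""
    with open(os.path.join(root, "etc/selinux/config")) as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("SELINUXTYPE="):
                return line.split("=", 1)[1].strip()
    raise ValueError("SELINUXTYPE not set under %s" % root)


def relabel_argv(root, path="/", contexts=None):
    """Build a setfiles command line; root is mandatory, path is relative to it."""
    root = os.path.realpath(root)
    if contexts is None:
        # "find it from the root": use the guest's own policy type
        contexts = os.path.join(root, "etc/selinux", selinux_type(root),
                                "contexts/files/file_contexts")
    target = os.path.normpath(os.path.join(root, path.lstrip("/")))
    # Refuse paths such as "../host" that would resolve outside the guest root.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path %r escapes root %r" % (path, root))
    # -r tells setfiles to strip root before matching file_contexts entries
    return ["setfiles", "-r", root, contexts, target]


def demo():
    """Run the resolution against a constructed guest tree (sample data)."""
    with tempfile.TemporaryDirectory() as guest:
        os.makedirs(os.path.join(guest, "etc/selinux"))
        with open(os.path.join(guest, "etc/selinux/config"), "w") as fh:
            fh.write("SELINUX=enforcing\nSELINUXTYPE=targeted\n")
        root = os.path.realpath(guest)
        argv = relabel_argv(guest, "/etc")  # root=<guest>, path=/etc
        try:
            relabel_argv(guest, "../outside")
            escaped = True
        except ValueError:
            escaped = False
        return root, argv, escaped


if __name__ == "__main__":
    print(demo())
```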
