9009b18869
Working on host systems without selinux, where the guest image does have selinux, creates a situation where the instance will have about a 1 minute delay on first boot because it must relabel. The previous check for sysfs assumes that the host system has selinux, which is not needed for the guest setfiles to work. Change-Id: Ic186a45991b6d80880ad635e9c80985612f53a05 Closes-bug: 1414200
16 lines
586 B
Bash
Executable File
16 lines
586 B
Bash
Executable File
#!/bin/bash
|
|
|
|
set -eux
|
|
set -o pipefail
|
|
|
|
if [ -e /etc/selinux/targeted/contexts/files/file_contexts -a -x /usr/sbin/setfiles ]; then
|
|
# Without fixing selinux file labels, sshd will run in the kernel_t domain
|
|
# instead of the sshd_t domain, making ssh connections fail with
|
|
# "Unable to get valid context for <user>" error message
|
|
setfiles /etc/selinux/targeted/contexts/files/file_contexts /
|
|
else
|
|
echo "Skipping SELinux relabel, since setfiles is not available."
|
|
echo "Touching /.autorelabel to schedule a relabel when the image boots."
|
|
touch /.autorelabel
|
|
fi
|