On 09/26/2018 10:18 AM, Stephen Smalley wrote:
On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote:
Hi all,
I'm trying to use the setfiles utility (v 2.7) from policycoreutils to
label rootfs, it seems like setfiles exclude all the directories
straight away and labels nothing. I tried an older version (< 2.6)
that works fine. I'm using the yocto project to build packages and
using native setfiles utility to "label rootfs on the build system".
Is it utility who is not doing what is supposed to?
I'm using the following command to label rootfs,
/sudosetfiles -v -r /tmp/sid/
/etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid//
/
/
I'll guess that your build host OS has SELinux disabled and that
consequently /proc/mounts does not show the seclabel option for the
filesystem. Trying using the -m option to setfiles to ignore /proc/mounts.
I guess we should be enabling this option automatically if SELinux is
disabled on the host? Looks like we were skipping use of /proc/mounts
in setfiles until moving it to use selinux_restorecon()
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
