github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-28 19:54:35 +00:00
Code Issues Projects Releases Wiki Activity

osbuilder: Remove chcon operation for guest SELinux

Browse Source 
Remove the `chcon` operation which adds `container_runtime_exec_t` label to
the `kata-agent` binary because the container-selinux package including
the 39f83cc74d
commit has been released officially.
Ref. https://centos.pkgs.org/9-stream/centos-appstream-x86_64/container-selinux-2.221.0-1.el9.noarch.rpm.html

The container-selinux package is installed in a guest rootfs when we create it with `SELinux = yes`,
and `restorecon` sets `container_runtime_exec_t` to the `kata-agent`.

Fixes: #7807

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
This commit is contained in:
Manabu Sugimoto 2023-08-31 16:44:32 +09:00
parent b467f2ef68
commit 211de08d9e
1 changed files with 0 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tools/osbuilder/image-builder/image_builder.sh
View File

@ -440,11 +440,6 @@ setup_selinux() {
chroot "${mount_dir}" command -v restorecon > /dev/null; then chroot "${mount_dir}" command -v restorecon > /dev/null; then
mount -t selinuxfs selinuxfs "$selinuxfs_path" mount -t selinuxfs selinuxfs "$selinuxfs_path"
chroot "${mount_dir}" restorecon -RF -e ${SELINUXFS} / chroot "${mount_dir}" restorecon -RF -e ${SELINUXFS} /
# TODO: This operation will be removed after the updated container-selinux that
# includes the following commit is released.
# https://github.com/containers/container-selinux/commit/39f83cc74d50bd10ab6be4d0bdd98bc04857469f
# We use chcon as an interim solution until then.
chroot "${mount_dir}" chcon -t container_runtime_exec_t "/usr/bin/${agent_bin}"
umount "${selinuxfs_path}" umount "${selinuxfs_path}"
else else
die "Could not label the rootfs. Make sure that SELinux is enabled on the host \ die "Could not label the rootfs. Make sure that SELinux is enabled on the host \