Merge pull request #12881 from MusicDin/cp/fix/selinux

Instance: Handle SELinux for VM LXD agent
canonical · Feb 14, 2024 · 50f721c · 50f721c
2 parents 80832b0 + 12d8715
commit 50f721c
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
@@ -2764,6 +2764,9 @@ cp -Ra --no-preserve=ownership "${PREFIX}/.mnt/"* "${PREFIX}"
 # Unmount the temporary mount.
 umount "${PREFIX}/.mnt"
 rmdir "${PREFIX}/.mnt"
+
+# Attempt to restore SELinux labels.
+restorecon -R "${PREFIX}" >/dev/null 2>&1 || true
 `
 
 	err = os.WriteFile(filepath.Join(configDrivePath, "systemd", "lxd-agent-setup"), []byte(lxdAgentSetupScript), 0500)
@@ -2813,6 +2816,11 @@ cp systemd/lxd-agent.service /lib/systemd/system/
 cp systemd/lxd-agent-setup /lib/systemd/
 systemctl daemon-reload
 
+# SELinux handling.
+if getenforce >/dev/null 2>&1; then
+    semanage fcontext -a -t bin_t /run/lxd_agent/lxd-agent
+fi
+
 echo ""
 echo "LXD agent has been installed, reboot to confirm setup."
 echo "To start it now, unmount this filesystem and run: systemctl start lxd-agent"