From 12d8715e110329c7a9df571b56eba8ee1e8c8bd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?=
Date: Mon, 12 Feb 2024 16:10:25 -0500
Subject: [PATCH] lxd/instance/drivers/qemu: Handle SELinux for LXD agent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber
(cherry picked from commit b2cd793ae4ce016ca7da128cc2d14544c041c801)
Signed-off-by: Din Music
License: Apache-2.0
---
 lxd/instance/drivers/driver_qemu.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go
index 9acf226da23c..97e1d8b65ccd 100644
--- a/lxd/instance/drivers/driver_qemu.go
+++ b/lxd/instance/drivers/driver_qemu.go
@@ -2764,6 +2764,9 @@ cp -Ra --no-preserve=ownership "${PREFIX}/.mnt/"* "${PREFIX}"
 # Unmount the temporary mount.
 umount "${PREFIX}/.mnt"
 rmdir "${PREFIX}/.mnt"
+
+# Attempt to restore SELinux labels.
+restorecon -R "${PREFIX}" >/dev/null 2>&1 || true
 `

 err = os.WriteFile(filepath.Join(configDrivePath, "systemd", "lxd-agent-setup"), []byte(lxdAgentSetupScript), 0500)
@@ -2813,6 +2816,11 @@ cp systemd/lxd-agent.service /lib/systemd/system/
 cp systemd/lxd-agent-setup /lib/systemd/
 systemctl daemon-reload

+# SELinux handling.
+if getenforce >/dev/null 2>&1; then
+ semanage fcontext -a -t bin_t /run/lxd_agent/lxd-agent
+fi
+
 echo ""
 echo "LXD agent has been installed, reboot to confirm setup."
 echo "To start it now, unmount this filesystem and run: systemctl start lxd-agent"
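Review bot: The added `restorecon -R "${PREFIX}" >/dev/null 2>&1 || true` discards both the output and the exit status, so on an enforcing guest a relabel that did not happen would presumably only surface later as a denial when the agent is started, with nothing in the setup script's output to point at it. The relabel also only produces an executable type if the guest's policy already holds a file-context rule for the agent path, and the only place this patch registers one is the install script in the second hunk (`semanage fcontext -a -t bin_t /run/lxd_agent/lxd-agent`); a comment such as `# Relies on the fcontext rule added by the install script; without it restorecon applies the default label for ${PREFIX}.` would make that dependency visible. Consider keeping the failure visible when the tool exists: `command -v restorecon >/dev/null 2>&1 && { restorecon -R "${PREFIX}" || echo "lxd-agent-setup: restorecon failed" >&2; }`. The script literal starts above this hunk, so whether it runs with `set -e` is not visible here.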
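Review bot: `getenforce` exits 0 whenever the binary is present, including when it reports Disabled, and `semanage` is packaged separately from the base SELinux utilities on several distributions, so this block can run on a guest where SELinux is off or fail with command-not-found on an enforcing one while the script still prints "LXD agent has been installed". Gate on the actual state and surface the failure, for example `if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then` followed by `semanage fcontext -a -t bin_t /run/lxd_agent/lxd-agent || echo "Warning: could not register SELinux context for lxd-agent" >&2`. Re-running the installer may also make `-a` report the rule as already defined, depending on the policycoreutils version, which is worth confirming on the oldest supported guest. The script literal begins outside this hunk, so its error-handling mode (`set -e` or not) cannot be checked from here.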