Remove TarStripSelinuxContext=

We now generate images with correct selinux labels. If selinux labels
are not needed, they can simply be excluded when extracting the archive,
but let's always include them when generating the archive and then users
can choose what to do with the labels when extracting.

diff --git a/NEWS.md b/NEWS.md
index 938065a088cfe825bcfe89ea9c57e069eb91d4c8..ec3182ced9a50dadae5251d534e26b757c5c517c 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -103,6 +103,9 @@
       exec mkosi-chroot "$SCRIPT" "$@"
   fi
   ```
+- Removed `--tar-strip-selinux-context=` option. We now label all files
+  properly if selinux is enabled and if users don't want the labels,
+  they can simply exclude them when extracting the archive.
 
 ## v14
 

diff --git a/mkosi.md b/mkosi.md
index ca76145ea2b965690593cebe9b96e5416e39efea..5158758efcbb2751c216c49e85c500df00620610 100644 (file)
--- a/mkosi.md
+++ b/mkosi.md
@@ -517,15 +517,6 @@ they should be specified with a boolean argument: either "1", "yes", or "true" t
   https://uapi-group.org/specifications/specs/extension_image for more
   information.
 
-`TarStripSELinuxContext=`, `--tar-strip-selinux-context`
-
-: If running on a SELinux-enabled system (Fedora Linux, CentOS, Rocky Linux,
-  Alma Linux), files
-  inside the container are tagged with SELinux context extended
-  attributes (`xattrs`), which may interfere with host SELinux rules
-  in building or further container import stages.  This option strips
-  SELinux context attributes from the resulting tar archive.
-
 ### [Content] Section
 
 `Packages=`, `--package=`, `-p`

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index a49254175e05e3af12e5d177fe9d2026daa4ba9e..f60a5d4d142dc797288d00e147ddf204120dd78d 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -618,7 +618,6 @@ def make_tar(state: MkosiState) -> None:
         "-c", "--xattrs",
         "--xattrs-include=*",
         "--file", state.staging / state.config.output_with_format,
-        *(["--xattrs-exclude=security.selinux"] if state.config.tar_strip_selinux_context else []),
         ".",
     ]
 

diff --git a/mkosi/config.py b/mkosi/config.py
index c41e15156197a36f5c42e940539c524b5b95061b..9ebcd38d9059bc89f945417acee7d5a739758c19 100644 (file)
--- a/mkosi/config.py
+++ b/mkosi/config.py
@@ -644,7 +644,6 @@ class MkosiConfig:
     compress_output: Compression
     image_version: Optional[str]
     image_id: Optional[str]
-    tar_strip_selinux_context: bool
     incremental: bool
     packages: list[str]
     remove_packages: list[str]
@@ -933,14 +932,6 @@ class MkosiConfigParser:
             section="Output",
             help="Set ID for image",
         ),
-        MkosiConfigSetting(
-            dest="tar_strip_selinux_context",
-            metavar="BOOL",
-            nargs="?",
-            section="Output",
-            parse=config_parse_boolean,
-            help="Do not include SELinux file context information in tar. Not compatible with bsdtar.",
-        ),
         MkosiConfigSetting(
             dest="split_artifacts",
             metavar="BOOL",
@@ -2113,9 +2104,6 @@ def load_config(args: argparse.Namespace) -> MkosiConfig:
     if args.cmdline and not args.verb.supports_cmdline():
         die(f"Arguments after verb are not supported for {args.verb}.")
 
-    if shutil.which("bsdtar") and args.distribution == Distribution.openmandriva and args.tar_strip_selinux_context:
-        die("Sorry, bsdtar on OpenMandriva is incompatible with --tar-strip-selinux-context")
-
     if args.cache_dir:
         args.cache_dir = args.cache_dir / f"{args.distribution}~{args.release}"
     if args.build_dir: