From: Daan De Meyer Date: Sat, 5 Aug 2023 13:49:54 +0000 (+0200) Subject: Remove TarStripSelinuxContext= X-Git-Tag: v15~35^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e3e339f32436de3b25edd5de55f22edd376405a;p=thirdparty%2Fmkosi.git Remove TarStripSelinuxContext= We now generate images with correct selinux labels. If selinux labels are not needed, they can simply be excluded when extracting the archive, but let's always include them when generating the archive and then users can choose what to do with the labels when extracting. --- diff --git a/NEWS.md b/NEWS.md index 938065a08..ec3182ced 100644 --- a/NEWS.md +++ b/NEWS.md @@ -103,6 +103,9 @@ exec mkosi-chroot "$SCRIPT" "$@" fi ``` +- Removed `--tar-strip-selinux-context=` option. We now label all files + properly if selinux is enabled and if users don't want the labels, + they can simply exclude them when extracting the archive. ## v14 diff --git a/mkosi.md b/mkosi.md index ca76145ea..5158758ef 100644 --- a/mkosi.md +++ b/mkosi.md @@ -517,15 +517,6 @@ they should be specified with a boolean argument: either "1", "yes", or "true" t https://uapi-group.org/specifications/specs/extension_image for more information. -`TarStripSELinuxContext=`, `--tar-strip-selinux-context` - -: If running on a SELinux-enabled system (Fedora Linux, CentOS, Rocky Linux, - Alma Linux), files - inside the container are tagged with SELinux context extended - attributes (`xattrs`), which may interfere with host SELinux rules - in building or further container import stages. This option strips - SELinux context attributes from the resulting tar archive. - ### [Content] Section `Packages=`, `--package=`, `-p` diff --git a/mkosi/__init__.py b/mkosi/__init__.py index a49254175..f60a5d4d1 100644 --- a/mkosi/__init__.py +++ b/mkosi/__init__.py @@ -618,7 +618,6 @@ def make_tar(state: MkosiState) -> None: "-c", "--xattrs", "--xattrs-include=*", "--file", state.staging / state.config.output_with_format, - *(["--xattrs-exclude=security.selinux"] if state.config.tar_strip_selinux_context else []), ".", ] diff --git a/mkosi/config.py b/mkosi/config.py index c41e15156..9ebcd38d9 100644 --- a/mkosi/config.py +++ b/mkosi/config.py @@ -644,7 +644,6 @@ class MkosiConfig: compress_output: Compression image_version: Optional[str] image_id: Optional[str] - tar_strip_selinux_context: bool incremental: bool packages: list[str] remove_packages: list[str] @@ -933,14 +932,6 @@ class MkosiConfigParser: section="Output", help="Set ID for image", ), - MkosiConfigSetting( - dest="tar_strip_selinux_context", - metavar="BOOL", - nargs="?", - section="Output", - parse=config_parse_boolean, - help="Do not include SELinux file context information in tar. Not compatible with bsdtar.", - ), MkosiConfigSetting( dest="split_artifacts", metavar="BOOL", @@ -2113,9 +2104,6 @@ def load_config(args: argparse.Namespace) -> MkosiConfig: if args.cmdline and not args.verb.supports_cmdline(): die(f"Arguments after verb are not supported for {args.verb}.") - if shutil.which("bsdtar") and args.distribution == Distribution.openmandriva and args.tar_strip_selinux_context: - die("Sorry, bsdtar on OpenMandriva is incompatible with --tar-strip-selinux-context") - if args.cache_dir: args.cache_dir = args.cache_dir / f"{args.distribution}~{args.release}" if args.build_dir: