
org.osbuild.selinux

Set SELinux file contexts

Sets correct SELinux labels for every file in the tree, according to the SELinux policy installed inside the tree. Uses the host's setfiles program and the tree's file_contexts, usually /etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts where <SELINUXTYPE> is the value set in /etc/selinux/config (usually "targeted" but may also be "minimum" or "mls"). This stage may set or modify xattrs for any file inside the tree, but should not need to create files, modify file contents, or read any files other than file_contexts. This stage should run after all other stages that create (or move) files: labels for newly-created files are determined by the host's SELinux policy and may not match the tree's policy, so any file created or moved after this stage has run keeps a label that was not derived from the tree's file_contexts.

Schema 1

{}

Schema 2

{
"options": {
"additionalProperties": false,
"anyOf": [
{
"required": [
"file_contexts"
]
},
{
"required": [
"labels"
]
}
],
"properties": {
"file_contexts": {
"type": "string",
"description": "Path to the active SELinux policy's `file_contexts`"
},
"exclude_paths": {
"type": "array",
"description": "Paths to exclude when setting labels via file_contexts",
"items": {
"type": "string"
}
},
"labels": {
"type": "object",
"description": "Labels to set on the specified files or folders",
"items": {
"type": "object"
}
},
"force_autorelabel": {
"type": "boolean",
"description": "Do not use. Forces auto-relabelling on first boot.",
"default": false
}
}
},
"devices": {
"type": "object",
"additionalProperties": true
},
"mounts": {
"type": "array"
}
}