selabel

Function selabel 

pub fn selabel<H: FsVerityHashValue>(
    fs: &mut FileSystem<H>,
    repo: &Repository<H>,
) -> Result<bool>

Applies SELinux security contexts to all files in a filesystem tree.

Reads the SELinux policy from /etc/selinux/config and corresponding policy files, then labels all filesystem nodes with appropriate security.selinux extended attributes.

If no SELinux policy is found in the target filesystem, any existing security.selinux xattrs are stripped. This prevents build-time SELinux labels (e.g., container_t) from leaking into the final image when targeting a non-SELinux host.

§Arguments

  • fs - The filesystem to label
  • repo - The composefs repository

§Returns

Returns Ok(true) if SELinux labeling was performed (policy was found), or Ok(false) if no policy was found and existing labels were stripped.
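
The label-or-strip contract described above, modeled on a toy in-memory tree. This is an added example, not composefs code: Node, policy_type, lookup, label_or_strip, labelled and sample_tree are hypothetical names, the labels and rules are constructed sample values, and it assumes "no policy" means a missing config or a config without SELINUXTYPE.

```rust
use std::collections::BTreeMap;
const XATTR: &str = "security.selinux";

/// Hypothetical stand-in for one tree node (not a composefs type).
pub struct Node { pub path: &'static str, pub xattrs: BTreeMap<String, String> }

/// SELINUXTYPE from the text of /etc/selinux/config; comment lines never match.
pub fn policy_type(config: &str) -> Option<&str> {
    let value = config.lines().find_map(|l| l.trim().strip_prefix("SELINUXTYPE="));
    value.map(str::trim).filter(|v| !v.is_empty())
}

/// Simplified lookup: longest literal prefix wins (real file_contexts entries are regexes).
pub fn lookup<'a>(rules: &[(&str, &'a str)], path: &str) -> Option<&'a str> {
    let hits = rules.iter().filter(|r| path.starts_with(r.0));
    hits.max_by_key(|r| r.0.len()).map(|r| r.1)
}

/// With a policy: label every node, return true. Without: strip stale labels, return false.
pub fn label_or_strip(nodes: &mut [Node], config: Option<&str>, rules: &[(&str, &str)]) -> bool {
    let has_policy = config.and_then(policy_type).is_some();
    for node in nodes.iter_mut() {
        match lookup(rules, node.path).filter(|_| has_policy) {
            Some(ctx) => drop(node.xattrs.insert(XATTR.to_string(), ctx.to_string())),
            None => drop(node.xattrs.remove(XATTR)),
        }
    }
    has_policy
}

/// Audit helper: paths that still carry a security.selinux xattr.
pub fn labelled(nodes: &[Node]) -> Vec<&'static str> {
    nodes.iter().filter(|n| n.xattrs.contains_key(XATTR)).map(|n| n.path).collect()
}

/// Constructed sample tree with a build-time label left on one node.
pub fn sample_tree() -> Vec<Node> {
    let stale = "system_u:object_r:container_file_t:s0".to_string();
    vec![
        Node { path: "/etc/passwd", xattrs: BTreeMap::from([(XATTR.to_string(), stale)]) },
        Node { path: "/usr/bin/sh", xattrs: BTreeMap::new() },
    ]
}

fn main() {
    let mut tree = sample_tree();
    let performed = label_or_strip(&mut tree, None, &[]);
    println!("labeling performed: {performed}, still labelled: {:?}", labelled(&tree));
}
```

Running the audit helper after a false return is a quick way to confirm that no build-time label survived into the image.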