vmcheck: use --selinux-policy when committing

Let's make SELinux and atomic-host-tests happy with trees we concoct
ourselves by using the new --selinux-policy. (Specifically, we want our
sync'ed binaries to have install_exec_t).

Closes: #953
Approved by: cgwalters
This commit is contained in:
Jonathan Lebon 2017-09-01 16:35:52 -04:00 committed by Atomic Bot
parent 50ecc04cb6
commit b0c75ae900

View File

@ -45,6 +45,17 @@ rsync -rlv $INSTTREE/usr/ vmcheck/usr/
if [ -d $INSTTREE/etc ]; then # on CentOS, the dbus service file is in /usr
rsync -rlv $INSTTREE/etc/ vmcheck/usr/etc/
fi
# ✀✀✀ BEGIN hack to get --selinux-policy (https://github.com/ostreedev/ostree/pull/1114) ✀✀✀
if ! ostree commit --help | grep -q -e --selinux-policy; then
# this is fine, rsync doesn't modify in place
mount -o rw,remount /usr
# don't overwrite /etc/ to not mess up 3-way merge
rsync -rlv --exclude '/etc/' vmcheck/usr/ /usr/
fi
# ✀✀✀ END hack to get --selinux-policy ✀✀✀
ostree refs --delete vmcheck || true
ostree commit -b vmcheck -s '' --tree=dir=vmcheck --link-checkout-speedup
ostree commit -b vmcheck --link-checkout-speedup \
--selinux-policy=vmcheck --tree=dir=vmcheck
ostree admin deploy vmcheck