deploy: Don't rebuild selinux policy on first deployment

Basically, it should not be necessary - the policy should be up-to-date. We don't want to force on continual policy rebuilds. Even trying to run bwrap when we're *not* in a booted root can cause failures in nested containerization scenarios. Closes: https://github.com/ostreedev/ostree/issues/2758
2025-01-06 17:18:25 +03:00 · 2022-11-09 11:18:36 -05:00 · 2022-11-09 11:18:36 -05:00 · bd325061dc
commit bd325061dc
parent e153720f89
1 changed files with 3 additions and 3 deletions
--- a/src/libostree/ostree-sysroot-deploy.c
+++ b/src/libostree/ostree-sysroot-deploy.c
@ -2987,12 +2987,12 @@ sysroot_finalize_deployment (OstreeSysroot     *self,
      if (!merge_configuration_from (self, merge_deployment, deployment, deployment_dfd,
                                     cancellable, error))
        return FALSE;
-    }

 #ifdef HAVE_SELINUX
-  if (!sysroot_finalize_selinux_policy(deployment_dfd, error))
-    return FALSE;
+      if (!sysroot_finalize_selinux_policy (deployment_dfd, error))
+        return FALSE;
 #endif /* HAVE_SELINUX */
+    }

  const char *osdeploypath = glnx_strjoina ("ostree/deploy/", ostree_deployment_get_osname (deployment));
  glnx_autofd int os_deploy_dfd = -1;