ea257c96d9
The SELinux relabel of the filesystem is taking almost 2 minutes and isn't needed unless you actually plan to run with SELinux enforcing. Plus, it appears to "leak" out of the chroot, referencing filesystems on partitions that aren't even mounted in the chroot. Note you just can't use getenforce or selinuxenabled here to get the state of SELinux because those commands are not accurate inside a chroot. TBH, a downside of this is that if someone goes to try to enable SELinux in an image where it was built with it not enabled, the file contexts are going to be wrong. So they'd need to relabel themselves at that point. However, this saves me quite a bit of time during image builds, so I thought I'd submit to get other folks opinion on it. Change-Id: I2132060d573fc93cf974f3560fdc651ff8ba38b4 |
||
|---|---|---|
| .. | ||
| finalise.d | ||
| post-install.d | ||
| pre-install.d | ||