lib: Add selinux=0 to default kernel command line.

SELinux exists in a very disturbed state if it is enabled at
boot time, but no policy is loaded.  In particular, it messes
up the security.selinux extended attributes on files in a
not-very-useful way.

We can't enable SELinux because we don't know what policy
can or should be loaded.  Therefore it's best to disable it
completely.

diff --git a/src/guestfs.c b/src/guestfs.c
index 72cd2f3..63e24f0 100644 (file)
--- a/src/guestfs.c
+++ b/src/guestfs.c
@@ -1044,7 +1044,8 @@ guestfs_launch (guestfs_h *g)
     "udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */  \
     "noapic "          /* workaround for RHBZ#502058 - ok if not SMP */ \
     "acpi=off "        /* we don't need ACPI, turn it off */           \
-    "cgroup_disable=memory " /* saves us about 5 MB of RAM */
+    "cgroup_disable=memory " /* saves us about 5 MB of RAM */           \
+    "selinux=0 "       /* SELinux is messed up if there's no policy */
 
     /* Linux kernel command line. */
     snprintf (append, sizeof append,