chore: fixup paths for selinux

Using the service-info-api server with selinux requires us to put anything we want to send to the device under /var/lib/fdo as that directory, and its files, will now get the correct selinux label. The previous approach opens up for security issues by leaving the process basically accessing the whole host. Signed-off-by: Antonio Murdaca <[email protected]>
fdo-rs · Aug 30, 2023 · 9a7683a · 9a7683a
1 parent 3d3cdf1
commit 9a7683a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/HOWTO.md b/HOWTO.md
@@ -446,10 +446,10 @@ service_info:
     sshkeys:
     - "testkey"
   files:
-  - path: /device/etc/hosts
+  - path: /var/lib/fdo/etc/hosts
     permissions: 644
     source_path: /server/local/etc/hosts
-  - path: /device/etc/resolv.conf
+  - path: /var/lib/fdo/etc/resolv.conf
     source_path: /server/local/etc/resolv.conf
   commands:
   - command: ls

diff --git a/examples/config/serviceinfo-api-server.yml b/examples/config/serviceinfo-api-server.yml
@@ -11,10 +11,10 @@ service_info:
     sshkeys:
     - "testkey"
   files:
-  - path: /device/etc/hosts
+  - path: /var/lib/fdo/etc/hosts
     permissions: 644
     source_path: /server/local/etc/hosts
-  - path: /device/etc/resolv.conf
+  - path: /var/lib/fdo/etc/resolv.conf
     source_path: /server/local/etc/resolv.conf
   commands:
   - command: ls