eikon-chroot-security¶
Relabel the deployed root filesystem so SELinux targets boot enforcing-clean.
A freshly mkfs'd and tarball-extracted root filesystem carries no (or stale) SELinux file contexts. On distributions that boot SELinux enforcing (AlmaLinux/RHEL 10, etc.) this leaves PID 1 unable to label /run, /dev, and its own state, so systemd freezes early in first boot.
This task relabels the whole tree in the chroot using the target policy's file_contexts so the very first boot comes up correctly labeled, and also marks the root for a first-boot autorelabel to catch anything written by the later finalize tasks (grub.cfg, initramfs, fstab). If the relabel tooling is missing, it falls back to permissive so the target still boots.
Objects that Reference eikon-chroot-security¶
Not used in current content packs