Also use selinuxenabled to check selinux status
Currently, the cleanup script is using the existence of the folder /sys/fs/selinux to check if SELinux is enabled. This, however, is misleading in case disk-image-builder is used inside a Docker container on a selinux-enabled host. In this case, the folder exists in the container but SELinux is disabled. This patch addresses the problem by checking, in addition to the check already in place, the output of the command selinuxenabled. Change-Id: I83e58f2467e60df9f0f00f7b7a58d0e2ce357a9a Closes-Bug: #1820077
This commit is contained in:
parent
bdfc13a5c0
commit
19cc00041a
@ -45,7 +45,7 @@ fi
|
||||
# for whatever policy is in the host kernel. We will run under
|
||||
# "runcon" to specifically allow this
|
||||
_runcon=""
|
||||
if [[ -d /sys/fs/selinux ]]; then
|
||||
if [[ -d /sys/fs/selinux ]] && selinuxenabled; then
|
||||
sudo semanage permissive -a setfiles_mac_t
|
||||
_runcon="runcon -t setfiles_mac_t -- "
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user