sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Also use selinuxenabled to check selinux status

Browse Source 
Currently, the cleanup script is using the existence of the folder
/sys/fs/selinux to check if SELinux is enabled. This, however, is
misleading in case disk-image-builder is used inside a Docker
container on a selinux-enabled host. In this case, the folder exists
in the container but SELinux is disabled.

This patch addresses the problem by checking, in addition to the
check already in place, the output of the command selinuxenabled.

Change-Id: I83e58f2467e60df9f0f00f7b7a58d0e2ce357a9a
Closes-Bug: #1820077
This commit is contained in:
Serena Ziviani 2019-03-14 16:23:37 +01:00
parent bdfc13a5c0
commit 19cc00041a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
diskimage_builder/elements/rpm-distro/cleanup.d/99-selinux-fixfiles-restore
View File

@ -45,7 +45,7 @@ fi
# for whatever policy is in the host kernel. We will run under # for whatever policy is in the host kernel. We will run under
# "runcon" to specifically allow this # "runcon" to specifically allow this
_runcon="" _runcon=""
if [[ -d /sys/fs/selinux ]]; then if [[ -d /sys/fs/selinux ]] && selinuxenabled; then
sudo semanage permissive -a setfiles_mac_t sudo semanage permissive -a setfiles_mac_t
_runcon="runcon -t setfiles_mac_t -- " _runcon="runcon -t setfiles_mac_t -- "
fi fi