Fail build due to missing kauditd only when SELinux is enabled

With the check added in commit 7566819139,
diskimage-builder fails to build RPM-based images if kauditd is not
running. However, this is only valid for environments where SELinux is
enabled. If SELinux is disabled (which is identified by an empty _runcon
variable), proceed with running setfiles.

Change-Id: I1b056f20a3a55f7333391207d9e1049d25ece041
Closes-Bug: #1779273
Pierre Riteau 2018-10-05 10:02:14 +01:00
parent 3e6d658687
commit bacceba41d


@ -66,8 +66,8 @@ fi
IFS='|' read -ra SPLIT_MOUNTS <<< "$DIB_MOUNTPOINTS" IFS='|' read -ra SPLIT_MOUNTS <<< "$DIB_MOUNTPOINTS"
for MOUNTPOINT in "${SPLIT_MOUNTS[@]}"; do for MOUNTPOINT in "${SPLIT_MOUNTS[@]}"; do
if [ "${MOUNTPOINT}" != "/tmp/in_target.d" ] && [ "${MOUNTPOINT}" != "/dev" ] && [ "${MOUNTPOINT}" != "/boot/efi" ]; then if [ "${MOUNTPOINT}" != "/tmp/in_target.d" ] && [ "${MOUNTPOINT}" != "/dev" ] && [ "${MOUNTPOINT}" != "/boot/efi" ]; then
if ! pgrep kauditd >/dev/null; then if ! [ -z ${_runcon} ] && ! pgrep kauditd >/dev/null; then
echo "*** kauditd not found, suggesting auditing support is disabled in the host kernel. setfiles will fail without this, please enable and rebuild" echo "*** SELinux enabled and kauditd not found, suggesting auditing support is disabled in the host kernel. setfiles will fail without this, please enable and rebuild"
exit 1 exit 1
fi fi
sudo ${_runcon} chroot ${TARGET_ROOT} \ sudo ${_runcon} chroot ${TARGET_ROOT} \
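Review bot: The new guard `! [ -z ${_runcon} ]` leaves `${_runcon}` unquoted inside `[ ]`, so it gives the intended answer only by accident. With an empty value it collapses to the one-argument test `[ -z ]`; with a multi-word value (likely, since `_runcon` is used unquoted as a command prefix on the `sudo` line) `[` fails with a "too many arguments"-style error, which `!` then inverts into success. Writing it as `if [ -n "${_runcon}" ] && ! pgrep kauditd >/dev/null; then` states the intent directly and avoids the spurious stderr noise. A one-line comment above the test, such as `# _runcon is empty when SELinux is disabled on the build host`, would also help, because the meaning of the variable is only explained in the commit message. The enclosing `for` loop and the `sudo ... chroot` command continue outside this hunk.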