From 6edbf5bcb9a3416ac571b1cfb43da526badb8771 Mon Sep 17 00:00:00 2001
From: Davide Cavalca <dcavalca@fedoraproject.org>
Date: Thu, 22 Sep 2022 12:57:35 +0000
Subject: [PATCH] Force selinux relabel on firstboot

---
 config.sh               |  6 ++++++
 root/etc/selinux/config | 14 --------------
 2 files changed, 6 insertions(+), 14 deletions(-)
 delete mode 100644 root/etc/selinux/config

diff --git a/config.sh b/config.sh
index 553c54d..29e45f1 100755
--- a/config.sh
+++ b/config.sh
@@ -82,4 +82,10 @@ rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn
 # Note that running rpm recreates the rpm db files which aren't needed or wanted
 rm -f /var/lib/rpm/__db*
 
+#======================================
+# Force selinux relabel on firstboot
+#--------------------------------------
+# Workaround for https://github.com/OSInside/kiwi/issues/2192
+touch /.autorelabel
+
 exit 0
diff --git a/root/etc/selinux/config b/root/etc/selinux/config
deleted file mode 100644
index 806cb52..0000000
--- a/root/etc/selinux/config
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# This file controls the state of SELinux on the system.
-# SELINUX= can take one of these three values:
-#     enforcing - SELinux security policy is enforced.
-#     permissive - SELinux prints warnings instead of enforcing.
-#     disabled - No SELinux policy is loaded.
-SELINUX=permissive
-# SELINUXTYPE= can take one of these three values:
-#     targeted - Targeted processes are protected,
-#     minimum - Modification of targeted policy. Only selected processes are protected. 
-#     mls - Multi Level Security protection.
-SELINUXTYPE=targeted
-
-