selinux tweak

author: Gerd Hoffmann <kraxel@redhat.com> 2017-07-06 16:55:44 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2017-07-06 16:55:44 +0200
commit: f2a6270bd9716780c45a17a119854938071a65df (patch)
tree: f276d9a661c25f2131ae4cbb4c228f1796c35774
parent: 0847d3c7ef77d55a6e6070b6f3da4a6c20efaa1a (diff)
download: imagefish-f2a6270bd9716780c45a17a119854938071a65df.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/scripts/install-redhat.sh b/scripts/install-redhat.sh
index 227c3b3..a705f7a 100755
--- a/scripts/install-redhat.sh
+++ b/scripts/install-redhat.sh
@@ -188,6 +188,14 @@ if test ! -f ${dest}/etc/sysconfig/kernel; then
 	echo "DEFAULTKERNEL=kernel-core"	>> $WORK/sys-kernel
 	sudo cp $WORK/sys-kernel ${dest}/etc/sysconfig/kernel
 fi
+if test -f ${dest}/etc/selinux/config; then
+	# Ask for relabel.
+	# Put selinux into permissive, relabel might fail otherwise.
+	# After first boot (which relabels) setting enforcing should work.
+	sed -i -e 's/^SELINUX=.*/SELINUX=permissive/' \
+		${dest}/etc/selinux/config
+	touch "${dest}/.autorelabel"
+fi
 sudo rm -rf "${dest}/var/cache/"{dnf,yum}
 
 if test "$tarb" != ""; then
diff --git a/scripts/tar-to-image.sh b/scripts/tar-to-image.sh
index 0d3bdaa..264cde4 100755
--- a/scripts/tar-to-image.sh
+++ b/scripts/tar-to-image.sh
@@ -178,7 +178,6 @@ function fish_copy_tar() {
 	msg "copying tarball to image"
 	fish tar-in	$tarb	/	compress:gzip
 	fish copy-in	$fstab	/etc
-	fish write /.autorelabel ""
 }
 
 function fish_part_efi_grub2() {
author	Gerd Hoffmann <kraxel@redhat.com>	2017-07-06 16:55:44 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2017-07-06 16:55:44 +0200
commit	f2a6270bd9716780c45a17a119854938071a65df (patch)
tree	f276d9a661c25f2131ae4cbb4c228f1796c35774
parent	0847d3c7ef77d55a6e6070b6f3da4a6c20efaa1a (diff)
download	imagefish-f2a6270bd9716780c45a17a119854938071a65df.tar.gz