installimage icon indicating copy to clipboard operation
installimage copied to clipboard

Published 20 hours ago verified publisher icon hetzneronline

Autorelabel should be done for permissive SELinux

Open palonsoro opened this issue 2 years ago • 2 comments

On centos specific configuration script, an autorelabel is triggered only if SELinux is configured in enforcing mode[1].

However, it should be also triggered in permissive mode. The reason is that rescue environment does not have SELinux enabled, so the files it creates are unlabeled and remain unlabeled, so permissive mode would report false alerts and, what is worse, there would be failures if enforcing mode is set.

An example of a CentOS version that installs with SELinux set to permissive mode is the Centos Stream 8 version available at the time this issue is being reported.

[1] - https://github.com/hetzneronline/installimage/blob/master/centos.sh#L161

palonsoro avatar Jul 22 '22 14:07 palonsoro

Opened #55 to address this

palonsoro avatar Jul 22 '22 14:07 palonsoro

Any chances this can be reviewed? This should be easy and quick to fix with attached PR.

palonsoro avatar Sep 13 '22 16:09 palonsoro

Thank you very much.

palonsoro avatar Nov 02 '22 15:11 palonsoro