Disable SELinux policy in EL diskless images

The SELinux policies do not currently work in a diskless build, disable by default, though a user may try to enable it manually after build.
2025-10-30 19:02:29 +00:00 · 2025-02-06 16:30:06 -05:00
parent 82fe75e457
commit 543a42edd6
1 changed files with 6 additions and 2 deletions
--- a/imgutil/imgutil
+++ b/imgutil/imgutil
@@ -224,7 +224,7 @@ def capture_remote(args):
        sys.exit(1)
    oscat = finfo['oscategory']
    subprocess.check_call(['ssh', '-o', 'LogLevel=QUIET', '-t', targ, 'python3', '/run/imgutil/capenv/imgutil', 'capturelocal'])
-    utillib = __file__.replace('bin/imgutil', 'lib/imgutil')        
+    utillib = __file__.replace('bin/imgutil', 'lib/imgutil')
    if oscat.startswith('ubuntu'):
        utillib = os.path.join(utillib, '{}/initramfs-tools/'.format(oscat))
        if not os.path.exists(utillib):
@@ -752,6 +752,10 @@ class ElHandler(OsHandler):
            subprocess.check_call(['yum'] + self.yumargs)
        else:
            subprocess.check_call(['yum', '-y'] + self.yumargs)
+        with open(os.path.join(self.targpath, 'etc/selinux/config'), 'r') as seconfigin:
+            seconfig = seconfigin.read().replace('SELINUX=enforcing', 'SELINUX=disabled')
+        with open(os.path.join(self.targpath, 'etc/selinux/config'), 'w') as seconfigout:
+            seconfigout.write(seconfig)
        with open('/proc/mounts') as mountinfo:
            for line in mountinfo.readlines():
                if line.startswith('selinuxfs '):
@@ -761,7 +765,7 @@ class ElHandler(OsHandler):

    def relabel_targdir(self):
        subprocess.check_call(
-            ['setfiles', '-r', self.targpath, 
+            ['setfiles', '-r', self.targpath,
             '/etc/selinux/targeted/contexts/files/file_contexts',
             self.targpath])