diff options
authorAlfredo Moralejo <>2017-07-26 18:51:54 +0200
committerAlfredo Moralejo <>2017-07-26 18:57:25 +0200
commitb1961e14ea6e3bcdc80ca6e02e80646280b3a86a (patch)
parent609bcee27bdc8d189da9108f4ddd98768827defd (diff)
Use SELinuxfs to check selinux status2.7.2
Currently, the cleanup script is using existence of semanage binary to check if selinux is enabled. However this is misleading and can lead to problems when selinux is disabled in a system where the binary exist. This patch changes the detection logic to use /sys/fs/selinux directory which is a in-memory filesystem created only when selinux is really enabled. Change-Id: I008f8bbc9c8414ce948c601e3907e27764e15a52 Related-Bug: 1706386
Notes (review): Code-Review+1: Emilien Macchi <> Code-Review+2: Ian Wienand <> Workflow+1: Ian Wienand <> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Wed, 26 Jul 2017 23:09:10 +0000 Reviewed-on: Project: openstack/diskimage-builder Branch: refs/heads/master
1 files changed, 1 insertions, 1 deletions
diff --git a/diskimage_builder/elements/rpm-distro/cleanup.d/99-selinux-fixfiles-restore b/diskimage_builder/elements/rpm-distro/cleanup.d/99-selinux-fixfiles-restore
index c4b1e1e..a179ae9 100755
--- a/diskimage_builder/elements/rpm-distro/cleanup.d/99-selinux-fixfiles-restore
+++ b/diskimage_builder/elements/rpm-distro/cleanup.d/99-selinux-fixfiles-restore
@@ -45,7 +45,7 @@ fi
45# for whatever policy is in the host kernel. We will run under 45# for whatever policy is in the host kernel. We will run under
46# "runcon" to specifically allow this 46# "runcon" to specifically allow this
47_runcon="" 47_runcon=""
48if [[ -x /usr/sbin/semanage ]]; then 48if [[ -d /sys/fs/selinux ]]; then
49 sudo semanage permissive -a setfiles_mac_t 49 sudo semanage permissive -a setfiles_mac_t
50 _runcon="runcon -t setfiles_mac_t -- " 50 _runcon="runcon -t setfiles_mac_t -- "
51fi 51fi