Ovirt devel - Sep 2008 - [PATCH node-image] set SELinux enforcing temporary to permissive

otherwise SELinux modules do not get loaded in livecd install chroot

Signed-off-by: Alan Pevec <apevec at redhat.com>
---
 ovirt-node-image.spec.in |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in
index 58b6e46..33fd78d 100644
--- a/ovirt-node-image.spec.in
+++ b/ovirt-node-image.spec.in
@@ -58,8 +58,17 @@ EOF
 mkdir -p %{ovirt_cache_dir}/node-image-tmp
 mkdir -p %{ovirt_cache_dir}/yum
 
-sudo su - -c "cd $(pwd) && livecd-creator --skip-minimize -c
%{name}.ks -f %{name} \
-               --tmpdir='%{ovirt_cache_dir}/node-image-tmp'
--cache='%{ovirt_cache_dir}/yum'"
+sudo su - -c "cd $(pwd) &&
+              if [ $(cat /selinux/enforce) = 1 ]; then
+                enforcing=1
+                setenforce 0
+              else
+                enforcing=0
+              fi
+              livecd-creator --skip-minimize -c %{name}.ks -f %{name} \
+               --tmpdir='%{ovirt_cache_dir}/node-image-tmp' \
+               --cache='%{ovirt_cache_dir}/yum'
+              setenforce \$enforcing"
 sudo su - -c "cd $(pwd) && ./ovirt-pxe %{name}.iso"
 sudo su - -c "cd $(pwd) && chown -R $USER ."
 
-- 
1.5.5.1

Alan Pevec wrote:
> otherwise SELinux modules do not get loaded in livecd install chroot
ACK
> Signed-off-by: Alan Pevec <apevec at redhat.com>
> ---
>  ovirt-node-image.spec.in |   13 +++++++++++--
>  1 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in
> index 58b6e46..33fd78d 100644
> --- a/ovirt-node-image.spec.in
> +++ b/ovirt-node-image.spec.in
> @@ -58,8 +58,17 @@ EOF
>  mkdir -p %{ovirt_cache_dir}/node-image-tmp
>  mkdir -p %{ovirt_cache_dir}/yum
>  
> -sudo su - -c "cd $(pwd) && livecd-creator --skip-minimize -c
%{name}.ks -f %{name} \
> -               --tmpdir='%{ovirt_cache_dir}/node-image-tmp'
--cache='%{ovirt_cache_dir}/yum'"
> +sudo su - -c "cd $(pwd) &&
> +              if [ $(cat /selinux/enforce) = 1 ]; then
> +                enforcing=1
> +                setenforce 0
> +              else
> +                enforcing=0
> +              fi
> +              livecd-creator --skip-minimize -c %{name}.ks -f %{name} \
> +               --tmpdir='%{ovirt_cache_dir}/node-image-tmp' \
> +               --cache='%{ovirt_cache_dir}/yum'
> +              setenforce \$enforcing"
>  sudo su - -c "cd $(pwd) && ./ovirt-pxe %{name}.iso"
>  sudo su - -c "cd $(pwd) && chown -R $USER ."
>  
-- 
|=-        Red Hat, Engineering, Emerging Technologies, Boston        -=|
|=-                     Email: pmyers at redhat.com                      -=|
|=-         Office: +1 412 474 3552   Mobile: +1 703 362 9622         -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|

Alan Pevec <apevec at redhat.com> wrote:
> otherwise SELinux modules do not get loaded in livecd install chroot
>
> Signed-off-by: Alan Pevec <apevec at redhat.com>
> ---
>  ovirt-node-image.spec.in |   13 +++++++++++--
>  1 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in
> index 58b6e46..33fd78d 100644
> --- a/ovirt-node-image.spec.in
> +++ b/ovirt-node-image.spec.in
> @@ -58,8 +58,17 @@ EOF
>  mkdir -p %{ovirt_cache_dir}/node-image-tmp
>  mkdir -p %{ovirt_cache_dir}/yum
>
> -sudo su - -c "cd $(pwd) && livecd-creator --skip-minimize -c
%{name}.ks -f %{name} \
> -               --tmpdir='%{ovirt_cache_dir}/node-image-tmp'
--cache='%{ovirt_cache_dir}/yum'"
> +sudo su - -c "cd $(pwd) &&
> +              if [ $(cat /selinux/enforce) = 1 ]; then
To be on the safe side, use double quotes around the $(...) result.
Otherwise, when the file is empty or nonexistent (I saw the latter
recently, before SELinux worked), then you get a shell syntax error.

                 if [ "$(cat /selinux/enforce)" = 1 ]; then

Alternatively, use a case stmt, where you don't need the quotes:

    case $(cat /selinux/enforce) in
        1) enforcing=1 ; setenforce 0 ;;
        *) enforcing=0 ;;
    esac

Hmm...  I wrote the above, then realized that this code is within
a double-quoted string, so you can't naively double-quote the string
as I first suggested.
> +                enforcing=1
> +                setenforce 0
> +              else
> +                enforcing=0
> +              fi
> +              livecd-creator --skip-minimize -c %{name}.ks -f %{name} \
> +               --tmpdir='%{ovirt_cache_dir}/node-image-tmp' \
> +               --cache='%{ovirt_cache_dir}/yum'
> +              setenforce \$enforcing"
>  sudo su - -c "cd $(pwd) && ./ovirt-pxe %{name}.iso"
>  sudo su - -c "cd $(pwd) && chown -R $USER ."