Skip to content

Commit

Permalink
Merge pull request #52 from Ultramarine-Linux/lleyton/fix-selinux
Browse files Browse the repository at this point in the history
fix: selinux and sync live.sh with upstream
  • Loading branch information
lleyton authored Oct 4, 2024
2 parents 3bac236 + 555d7d1 commit 68f4f20
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 35 deletions.
2 changes: 1 addition & 1 deletion katsu/modules/base/selinux.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@ set -euxo pipefail

echo "Setting up SELinux..."

setfiles -F -r "${CHROOT}" "${CHROOT}"/etc/selinux/targeted/contexts/files/file_contexts "${CHROOT}"
setfiles -m -F -r "${CHROOT}" -c "${CHROOT}"/etc/selinux/targeted/policy/policy.* "${CHROOT}"/etc/selinux/targeted/contexts/files/file_contexts "${CHROOT}"
52 changes: 18 additions & 34 deletions katsu/modules/live/live.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,19 +10,22 @@ systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >>/etc/fstab <<EOF
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF

# work around for poor key import UI in PackageKit
# rm -f /var/lib/rpm/__db*
rm -f /var/lib/rpm/__db*
echo "Packages within this LiveCD"
rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' | sort -rn
rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*

# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb -c
/usr/bin/mandb

# make sure there aren't core files lying around
rm -f /core*

# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
Expand All @@ -33,12 +36,9 @@ rm -f /var/lib/systemd/random-seed
echo 'File created by katsu. See systemd-update-done.service(8).' |
tee /etc/.updated >/var/.updated

# Set locales in chroot
cat >/etc/locale.conf <<EOF
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
LC_ALL=en_US.UTF-8
EOF
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*

# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794
Expand All @@ -49,12 +49,18 @@ systemctl disable systemd-networkd-wait-online
systemctl disable openvpn-client@\*.service
systemctl disable openvpn-server@\*.service

# END options from upstream https://pagure.io/fedora-kickstarts/blob/f41/f/fedora-live-base.ks

# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id

# make sure there aren't core files lying around
rm -f /core*
# Set locales in chroot
cat >/etc/locale.conf <<EOF
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
LC_ALL=en_US.UTF-8
EOF

systemctl set-default graphical.target

Expand All @@ -64,27 +70,5 @@ rm -rf /.unconfigured
systemctl disable initial-setup || true
EOF

echo "Setting up some extra post scripts"

anaconda_dir=/usr/share/anaconda/post-scripts

mkdir -p "$anaconda_dir"

cat > "$anaconda_dir/01-selinux.ks" << EOF
%post
echo "Setting up SELinux..."
setfiles -F -e /proc -e /sys -e /dev -e /bin /etc/selinux/targeted/contexts/files/file_contexts / || true
setfiles -F -e /proc -e /sys -e /dev /etc/selinux/targeted/contexts/files/file_contexts.bin /bin || true
%end
EOF


# Delete the firefox redhat configs, debranding
rm -rf /usr/lib64/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js


# Disable sysroot.mount
systemctl disable sysroot.mount || true

0 comments on commit 68f4f20

Please sign in to comment.