Added flag for disable selinux. Default is true (#149)

spectrocloud · Mar 25, 2024 · b5fb859 · b5fb859
1 parent df47153
commit b5fb859
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/Earthfile b/Earthfile
@@ -30,6 +30,7 @@ ARG K8S_DISTRIBUTION
 ARG CUSTOM_TAG
 ARG CLUSTERCONFIG
 ARG ARCH
+ARG DISABLE_SELINUX=true
 
 ARG FIPS_ENABLED=false
 ARG HTTP_PROXY
@@ -355,9 +356,11 @@ base-image:
         chmod 444 /etc/machine-id
     RUN rm /tmp/* -rf
 
+    IF [ "$DISABLE_SELINUX" = "true" ]
     # Ensure SElinux gets disabled
-    RUN if grep "security=selinux" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/security=selinux //g' /etc/cos/bootargs.cfg; fi &&\
-        if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi
+        RUN if grep "security=selinux" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/security=selinux //g' /etc/cos/bootargs.cfg; fi &&\
+            if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi
+    END
 
 # Used to build the installer image.  The installer ISO will be created from this.
 iso-image:

diff --git a/README.md b/README.md
@@ -132,6 +132,7 @@ Skip this step if your base image is ubuntu or opensuse-leap. If you are buildin
 | NO_PROXY         | URLS that should be excluded from proxying (Optional)                                                                                                                                                                                                                                                                                          | string |                         |
 | PROXY_CERT_PATH  | Absolute path of the SSL Proxy certificate in PEM format if needed (Optional)                                                                                                                                                                                                                                                                  | string |                         |
 | UPDATE_KERNEL    | Determines whether to upgrade the Kernel version to the latest from the upstream OS provider                                                                                                                                                                                                                                                   | boolean| `false`                 |
+| DISABLE_SELINUX  | Disable selinux in the operating system.  Some applications (like Kubevirt) do not like selinux                                                                                                                                                                                                                                                | boolean| `true`                  |
 | CLUSTERCONFIG    | Path of the cluster config | string |  |
 
 8. (Optional) If you are building the images behind a proxy server, you may need to modify your docker daemon settings to let it use your proxy server. You can refer this [tutorial](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy).