Autorelabel should be done for permissive SELinux #54
Comments
palonsoro
added a commit
to palonsoro/installimage
that referenced
this issue
Jul 22, 2022
|
Opened #55 to address this |
|
Any chances this can be reviewed? This should be easy and quick to fix with attached PR. |
|
Thank you very much. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On centos specific configuration script, an autorelabel is triggered only if SELinux is configured in enforcing mode[1].
However, it should be also triggered in permissive mode. The reason is that rescue environment does not have SELinux enabled, so the files it creates are unlabeled and remain unlabeled, so permissive mode would report false alerts and, what is worse, there would be failures if enforcing mode is set.
An example of a CentOS version that installs with SELinux set to permissive mode is the Centos Stream 8 version available at the time this issue is being reported.
[1] - https://github.com/hetzneronline/installimage/blob/master/centos.sh#L161
The text was updated successfully, but these errors were encountered: