anaconda: enable SELinux for live-installer #897
Conversation
The live installer build has been installing non-enforcing systems. This is due to a leftover from the image installer setting the system to permissive. Make it so we apply the contexts and don't write a permissive config for the live installer. Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
The previous commit introduced SElinux to the live installer. This commit brings the pipeline more in line with the os pipeline, SElinux is now a property on the pipeline set in the image. It is hardcoded to be set to targeted for live installers and is considered a programming error to be set for non-live installers. Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
|
Note that I could be convinced to move this to the same paradigm with The non-live installers could be done as a follow up but we have the 'problem' there that we need to ensure that the toggle makes sense and goes to the right place as the anaconda-tree is not the tree being installed to system so we'd have two SElinux policies there. |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
|
The CentOS Stream 10 unit tests are failing because |
there's dnf5-plugins that replace "core/extras" but they've not done proper provides/obsoleted etc. I think core needs to come back, I am going to file a bug on this because it bit me the other day too in a different usecase, will reference the bug |
Thanks! Though, doing a quick check with the |
The live installer build has been installing non-enforcing systems. This is due to a leftover from the image installer setting the system to permissive.
Make it so we apply the contexts and don't write a permissive config for the live installer.
Closes #460 which has been flying under my radar for entirely too long.