arm-image-installer

Clone
Source Code
GIT

#38 Fix --norootpass from hosts with disabled SELinux
Closed 4 years ago by jankratochvil. Opened 4 years ago by jankratochvil.
jankratochvil/arm-image-installer jan-relabel  into  master

file modified
+23 -9 
@@ -18,6 +18,8 @@ 
 

  	--media=DEVICE	- media device file (/dev/[sdX|mmcblkX])
 

  	--norootpass	- Remove the root password
 

  	--resizefs	- Resize root filesystem to fill media device
 

+ 	--selinux=off	- Set SELinux off
 

+ 	--selinux=on	- Set SELinux on
 

  	--supported	- List of supported hardware
 

  	--target=TARGET	- target board
 

  	--relabel       - SELinux relabel root filesystem
 
@@ -91,6 +93,14 @@ 
 

  				SELINUX=$2
 

  				shift
 

  			fi
 

+ 			if [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "OFF" ]; then
 

+ 				SELINUX=off
 

+ 			elif [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "ON" ]; then
 

+ 				SELINUX=on
 

+ 			else
 

+ 				echo "Error: Unknown --selinux parameter: $SELINUX"
 

+ 				exit 1
 

+ 			fi
 

  			;;
 

  		--args*)
 

                          if echo $1 | grep '=' >/dev/null ; then
 
@@ -197,6 +207,11 @@ 
 

  	exit 1
 

  fi
 

  

+ if [ "$RELABEL" = "" -a "$NOROOTPASS" != "" -a "$SELINUX" != "off" -a "$(getenforce 2>&1)" != "Enforcing" -a "$(getenforce 2>&1)" != "Permissive" ]; then
 

+ 	echo "Error: SELinux is disabled on host and --norootpass is specified: Either --selinux=off or --relabel is required."
 

+ 	exit 1
 

+ fi
 

+ 

  clear
 

  # Last chance to back out
 

  echo ""
 
@@ -446,15 +461,14 @@ 
 

  fi
 

  

  # turn off selinux
 

- if [ "$SELINUX" != "" ]; then
 

- 	if [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "OFF" ]; then
 

- 		echo "= Turning SELinux off ..."
 

- 		sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /tmp/root/etc/selinux/config
 

- 		# turn on selinux
 

- 	elif [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "ON" ]; then
 

- 		echo "= Turning SELinux on ..."
 

- 		sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /tmp/root/etc/selinux/config
 

- 	fi
 

+ if [ "$SELINUX" = "off" ]; then
 

+ 	echo "= Turning SELinux off ..."
 

+ 	# SELINUX=permissive does not permit login with --norootpass and SELinux disabled on host.
 

+ 	sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /tmp/root/etc/selinux/config
 

+ # turn on selinux
 

+ elif [ "$SELINUX" = "on" ]; then
 

+ 	echo "= Turning SELinux on ..."
 

+ 	sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /tmp/root/etc/selinux/config
 

  fi
 

  # Remove root password
 

  if [ "$NOROOTPASS" = "1" ]; then

We removed the selinux option from the help menu intentionally. I've added a modified fix. Thanks for identifying the issue with selinux disabled on the host.

Pull-Request has been closed by jankratochvil
4 years ago

I sure disagree with pushing SELinux down the throat of users of an unrelated project but that is about all I can do about it. So I think I can close this ticket.
Metadata
None
No Tags
Changes Summary 1
+23 -9
file changed
arm-image-installer
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.