#38 Fix --norootpass from hosts with disabled SELinux
Closed a year ago by jankratochvil. Opened a year ago by jankratochvil.
jankratochvil/arm-image-installer jan-relabel  into  master

file modified
+23 -9
@@ -18,6 +18,8 @@ 

  	--media=DEVICE	- media device file (/dev/[sdX|mmcblkX])

  	--norootpass	- Remove the root password

  	--resizefs	- Resize root filesystem to fill media device

+ 	--selinux=off	- Set SELinux off

+ 	--selinux=on	- Set SELinux on

  	--supported	- List of supported hardware

  	--target=TARGET	- target board

  	--relabel       - SELinux relabel root filesystem
@@ -91,6 +93,14 @@ 

  				SELINUX=$2

  				shift

  			fi

+ 			if [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "OFF" ]; then

+ 				SELINUX=off

+ 			elif [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "ON" ]; then

+ 				SELINUX=on

+ 			else

+ 				echo "Error: Unknown --selinux parameter: $SELINUX"

+ 				exit 1

+ 			fi

  			;;

  		--args*)

                          if echo $1 | grep '=' >/dev/null ; then
@@ -197,6 +207,11 @@ 

  	exit 1

  fi

  

+ if [ "$RELABEL" = "" -a "$NOROOTPASS" != "" -a "$SELINUX" != "off" -a "$(getenforce 2>&1)" != "Enforcing" -a "$(getenforce 2>&1)" != "Permissive" ]; then

+ 	echo "Error: SELinux is disabled on host and --norootpass is specified: Either --selinux=off or --relabel is required."

+ 	exit 1

+ fi

+ 

  clear

  # Last chance to back out

  echo ""
@@ -446,15 +461,14 @@ 

  fi

  

  # turn off selinux

- if [ "$SELINUX" != "" ]; then

- 	if [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "OFF" ]; then

- 		echo "= Turning SELinux off ..."

- 		sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /tmp/root/etc/selinux/config

- 		# turn on selinux

- 	elif [ "$(echo ${SELINUX} | tr [:lower:] [:upper:])" = "ON" ]; then

- 		echo "= Turning SELinux on ..."

- 		sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /tmp/root/etc/selinux/config

- 	fi

+ if [ "$SELINUX" = "off" ]; then

+ 	echo "= Turning SELinux off ..."

+ 	# SELINUX=permissive does not permit login with --norootpass and SELinux disabled on host.

+ 	sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /tmp/root/etc/selinux/config

+ # turn on selinux

+ elif [ "$SELINUX" = "on" ]; then

+ 	echo "= Turning SELinux on ..."

+ 	sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /tmp/root/etc/selinux/config

  fi

  # Remove root password

  if [ "$NOROOTPASS" = "1" ]; then

We removed the selinux option from the help menu intentionally. I've added a modified fix. Thanks for identifying the issue with selinux disabled on the host.

Pull-Request has been closed by jankratochvil

a year ago

I sure disagree with pushing SELinux down the throat of users of an unrelated project but that is about all I can do about it. So I think I can close this ticket.

Metadata