[PATCH compass-ci] create-image: disable selinux
[Error] [ 5.786497] Run /sbin/init as init process SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.32: No such file or directory Signed-off-by: Wang Chenglong <18509160991@163.com> --- container/osimage/openeuler/create-image | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/container/osimage/openeuler/create-image b/container/osimage/openeuler/create-image index 631bb14..69a5ddc 100755 --- a/container/osimage/openeuler/create-image +++ b/container/osimage/openeuler/create-image @@ -13,6 +13,17 @@ setup_rootfs() ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime rm -f /etc/machine-id /var/lib/dbus/machine-id systemd-machine-id-setup + + # disable selinux + echo "Disable selinux" + if [ -f /etc/selinux/config ]; then + sed -i -r 's/SELINUX=enforcing/SELINUX=disabled/g' "/etc/selinux/config" + else + cat > "/etc/selinux/config" <<-EOF + SELINUX=disabled + SELINUXTYPE=targeted + EOF + fi } setup_login() { -- 2.23.0
On Wed, Jan 20, 2021 at 02:21:50PM +0800, Wang Chenglong wrote:
[Error] [ 5.786497] Run /sbin/init as init process SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.32: No such file or directory
Signed-off-by: Wang Chenglong <18509160991@163.com> --- container/osimage/openeuler/create-image | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/container/osimage/openeuler/create-image b/container/osimage/openeuler/create-image index 631bb14..69a5ddc 100755 --- a/container/osimage/openeuler/create-image +++ b/container/osimage/openeuler/create-image @@ -13,6 +13,17 @@ setup_rootfs() ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime rm -f /etc/machine-id /var/lib/dbus/machine-id systemd-machine-id-setup + + # disable selinux + echo "Disable selinux" + if [ -f /etc/selinux/config ]; then + sed -i -r 's/SELINUX=enforcing/SELINUX=disabled/g' "/etc/selinux/config"
What if there is a line like "# SELINUX=enforcing ...", replace it will make no use. So how about: sed -i -r 's/^.*SELINUX=enforcing.*$/SELINUX=disabled/g' "/etc/selinux/config"
+ else + cat > "/etc/selinux/config" <<-EOF + SELINUX=disabled + SELINUXTYPE=targeted + EOF + fi }
setup_login() { -- 2.23.0
On Wed, Jan 20, 2021 at 03:49:24PM +0800, Xu Xijian wrote:
On Wed, Jan 20, 2021 at 02:21:50PM +0800, Wang Chenglong wrote:
[Error] [ 5.786497] Run /sbin/init as init process SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.32: No such file or directory
Signed-off-by: Wang Chenglong <18509160991@163.com> --- container/osimage/openeuler/create-image | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/container/osimage/openeuler/create-image b/container/osimage/openeuler/create-image index 631bb14..69a5ddc 100755 --- a/container/osimage/openeuler/create-image +++ b/container/osimage/openeuler/create-image @@ -13,6 +13,17 @@ setup_rootfs() ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime rm -f /etc/machine-id /var/lib/dbus/machine-id systemd-machine-id-setup + + # disable selinux + echo "Disable selinux" + if [ -f /etc/selinux/config ]; then + sed -i -r 's/SELINUX=enforcing/SELINUX=disabled/g' "/etc/selinux/config"
What if there is a line like "# SELINUX=enforcing ...", replace it will make no use. So how about: sed -i -r 's/^.*SELINUX=enforcing.*$/SELINUX=disabled/g' "/etc/selinux/config"
ok. good idea. Thanks, Chenglong
+ else + cat > "/etc/selinux/config" <<-EOF + SELINUX=disabled + SELINUXTYPE=targeted + EOF + fi }
setup_login() { -- 2.23.0
participants (2)
-
Wang Chenglong -
Xu Xijian