distro: new image config to disable selinux

We don't need to label container artifacts, so include an option in the image config to disable it. NB: This is a boolean that with the default false in order to not have to change every existing image configuration.
2022-06-27 17:04:57 +02:00 · 2022-06-27 17:04:57 +02:00 · f37a791bd2
commit f37a791bd2
parent 4b7dc3bbec
6 changed files with 19 additions and 4 deletions
--- a/internal/distro/fedora/pipelines.go
+++ b/internal/distro/fedora/pipelines.go
@ -268,6 +268,10 @@ func osPipeline(buildPipeline *pipeline.BuildPipeline,
 		pl.NTPServers = imageConfig.TimeSynchronization.Timeservers
 	}

+	if imageConfig.NoSElinux {
+		pl.SElinux = ""
+	}
+
 	pl.Grub2Config = imageConfig.Grub2Config
 	pl.Sysconfig = imageConfig.Sysconfig
 	pl.SystemdLogind = imageConfig.SystemdLogind
--- a/internal/distro/image_config.go
+++ b/internal/distro/image_config.go
@ -23,6 +23,9 @@ type ImageConfig struct {
 	// List of files from which to import GPG keys into the RPM database
 	GPGKeyFiles []string

+	// Disable SELinux labelling
+	NoSElinux bool
+
 	// for RHSM configuration, we need to potentially distinguish the case
 	// when the user want the image to be subscribed on first boot and when not
 	RHSMConfig         map[RHSMSubscriptionStatus]*osbuild2.RHSMStageOptions
--- a/internal/distro/rhel7/pipelines.go
+++ b/internal/distro/rhel7/pipelines.go
@ -285,7 +285,9 @@ func osPipeline(t *imageType,
 		p.AddStage(bootloader)
 	}

-	p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	if !imageConfig.NoSElinux {
+		p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	}

 	return p, nil
 }
--- a/internal/distro/rhel85/pipelines.go
+++ b/internal/distro/rhel85/pipelines.go
@ -678,7 +678,9 @@ func osPipelineRhel86(t *imageType,
 		p.AddStage(bootloaderConfigStage(t, pt, c.GetKernel(), kernelVer, false, false))
 	}

-	p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	if !imageConfig.NoSElinux {
+		p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	}

 	if t.rpmOstree {
 		p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{
--- a/internal/distro/rhel86/pipelines.go
+++ b/internal/distro/rhel86/pipelines.go
@ -643,7 +643,9 @@ func osPipeline(t *imageType,
 		p.AddStage(bootloader)
 	}

-	p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	if !imageConfig.NoSElinux {
+		p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	}

 	if t.rpmOstree {
 		p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{
--- a/internal/distro/rhel90/pipelines.go
+++ b/internal/distro/rhel90/pipelines.go
@ -641,7 +641,9 @@ func osPipeline(t *imageType,
 		p.AddStage(bootloader)
 	}

-	p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	if !imageConfig.NoSElinux {
+		p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+	}

 	if t.rpmOstree {
 		p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{