From f37a791bd2946c13560d4bb7845171fc925252e8 Mon Sep 17 00:00:00 2001
From: Christian Kellner
Date: Mon, 27 Jun 2022 17:04:57 +0200
Subject: [PATCH] distro: new image config to disable selinux

We don't need to label container artifacts, so include an option in the image config to disable it. NB: This is a boolean that with the default false in order to not have to change every existing image configuration.
---
 internal/distro/fedora/pipelines.go | 4 ++++
 internal/distro/image_config.go | 3 +++
 internal/distro/rhel7/pipelines.go | 4 +++-
 internal/distro/rhel85/pipelines.go | 4 +++-
 internal/distro/rhel86/pipelines.go | 4 +++-
 internal/distro/rhel90/pipelines.go | 4 +++-
 6 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/internal/distro/fedora/pipelines.go b/internal/distro/fedora/pipelines.go
index 009c2f9f9..7a8916c07 100644
--- a/internal/distro/fedora/pipelines.go
+++ b/internal/distro/fedora/pipelines.go
@@ -268,6 +268,10 @@ func osPipeline(buildPipeline *pipeline.BuildPipeline,
 pl.NTPServers = imageConfig.TimeSynchronization.Timeservers
 }
 
+ if imageConfig.NoSElinux {
+ pl.SElinux = ""
+ }
+
 pl.Grub2Config = imageConfig.Grub2Config
 pl.Sysconfig = imageConfig.Sysconfig
 pl.SystemdLogind = imageConfig.SystemdLogind
diff --git a/internal/distro/image_config.go b/internal/distro/image_config.go
index 2dbf553aa..95811daa3 100644
--- a/internal/distro/image_config.go
+++ b/internal/distro/image_config.go
@@ -23,6 +23,9 @@ type ImageConfig struct {
 // List of files from which to import GPG keys into the RPM database
 GPGKeyFiles []string
 
+ // Disable SELinux labelling
+ NoSElinux bool
+
 // for RHSM configuration, we need to potentially distinguish the case
 // when the user want the image to be subscribed on first boot and when not
 RHSMConfig map[RHSMSubscriptionStatus]*osbuild2.RHSMStageOptions
diff --git a/internal/distro/rhel7/pipelines.go b/internal/distro/rhel7/pipelines.go
index 9d088a68d..cef3b6b75 100644
--- a/internal/distro/rhel7/pipelines.go
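Review bot: In the fedora `osPipeline` hunk, `pl.SElinux = ""` switches labelling off by blanking a string field, so the opt-out depends on the pipeline generator treating an empty value as "emit no SELinux stage", and that contract is not visible in this hunk. A why-comment on the assignment would make it auditable, for example `// empty policy name: no SELinux labelling stage is emitted (container artifacts only)`, with the wording confirmed against the generator. The RHEL files in this patch guard the `p.AddStage(osbuild.NewSELinuxStage(...))` call directly, which is easier to verify by reading. The body of `osPipeline` starts and ends outside the hunk.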
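Review bot: The comment on the new `NoSElinux` field in `ImageConfig` says only "Disable SELinux labelling", which leaves it unclear that, as far as this patch shows, the flag drops the build-time labelling stage and does not touch the SELinux mode of the image. Suggest `// NoSElinux skips the SELinux labelling stage, leaving the image's files unlabelled.` followed by `// Only for artifacts that are never booted with SELinux enforcing (e.g. containers).` A plain `bool` also cannot tell "unset" from "false"; if `ImageConfig` values are merged with distro or parent defaults elsewhere (not visible here), a child config could not override an inherited `true`, and `*bool` would avoid that. The struct definition continues outside the hunk.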
+++ b/internal/distro/rhel7/pipelines.go
@@ -285,7 +285,9 @@ func osPipeline(t *imageType,
 p.AddStage(bootloader)
 }
 
- p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ if !imageConfig.NoSElinux {
+ p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ }
 
 return p, nil
 }
diff --git a/internal/distro/rhel85/pipelines.go b/internal/distro/rhel85/pipelines.go
index 0e825e083..48efbeb9a 100644
--- a/internal/distro/rhel85/pipelines.go
+++ b/internal/distro/rhel85/pipelines.go
@@ -678,7 +678,9 @@ func osPipelineRhel86(t *imageType,
 p.AddStage(bootloaderConfigStage(t, pt, c.GetKernel(), kernelVer, false, false))
 }
 
- p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ if !imageConfig.NoSElinux {
+ p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ }
 
 if t.rpmOstree {
 p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{
diff --git a/internal/distro/rhel86/pipelines.go b/internal/distro/rhel86/pipelines.go
index 5eb6f923e..4d30ccaba 100644
--- a/internal/distro/rhel86/pipelines.go
+++ b/internal/distro/rhel86/pipelines.go
@@ -643,7 +643,9 @@ func osPipeline(t *imageType,
 p.AddStage(bootloader)
 }
 
- p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ if !imageConfig.NoSElinux {
+ p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ }
 
 if t.rpmOstree {
 p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{
diff --git a/internal/distro/rhel90/pipelines.go b/internal/distro/rhel90/pipelines.go
index 236d8633c..4b141dba0 100644
--- a/internal/distro/rhel90/pipelines.go
+++ b/internal/distro/rhel90/pipelines.go
@@ -641,7 +641,9 @@ func osPipeline(t *imageType,
 p.AddStage(bootloader)
 }
 
- p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ if !imageConfig.NoSElinux {
+ p.AddStage(osbuild.NewSELinuxStage(selinuxStageOptions(false)))
+ }
 
 if t.rpmOstree {
 p.AddStage(osbuild.NewOSTreePrepTreeStage(&osbuild.OSTreePrepTreeStageOptions{
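Review bot: The new `if !imageConfig.NoSElinux` guard in the rhel7 `osPipeline` drops the labelling stage without checking that the image type can safely ship unlabelled; the same guard is repeated in the rhel85 (`osPipelineRhel86`), rhel86 and rhel90 hunks. If the flag is ever set on a bootable image type, the build would still succeed and produce a tree without SELinux contexts, which presumably only surfaces when the image boots with SELinux enforcing. Consider a why-comment at each guard, `// container artifacts are not labelled; bootable images must keep this stage`, and a test asserting that the SELinux stage is present for every image type that does not set the flag. The function bodies extend outside these hunks.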