From 555d7d15f24d3e24fb01df7a522cb7ef4caffa4a Mon Sep 17 00:00:00 2001 From: Lleyton Gray Date: Thu, 3 Oct 2024 22:23:58 -0700 Subject: [PATCH] fix: selinux and sync live.sh with upstream --- katsu/modules/base/selinux.sh | 2 +- katsu/modules/live/live.sh | 52 ++++++++++++----------------------- 2 files changed, 19 insertions(+), 35 deletions(-) diff --git a/katsu/modules/base/selinux.sh b/katsu/modules/base/selinux.sh index ade4164d..7ab1a49d 100644 --- a/katsu/modules/base/selinux.sh +++ b/katsu/modules/base/selinux.sh @@ -4,4 +4,4 @@ set -euxo pipefail echo "Setting up SELinux..." -setfiles -F -r "${CHROOT}" "${CHROOT}"/etc/selinux/targeted/contexts/files/file_contexts "${CHROOT}" \ No newline at end of file +setfiles -m -F -r "${CHROOT}" -c "${CHROOT}"/etc/selinux/targeted/policy/policy.* "${CHROOT}"/etc/selinux/targeted/contexts/files/file_contexts "${CHROOT}" diff --git a/katsu/modules/live/live.sh b/katsu/modules/live/live.sh index 2200296e..a5878a81 100644 --- a/katsu/modules/live/live.sh +++ b/katsu/modules/live/live.sh @@ -10,19 +10,22 @@ systemctl enable tmp.mount # make it so that we don't do writing to the overlay for things which # are just tmpdirs/caches # note https://bugzilla.redhat.com/show_bug.cgi?id=1135475 -cat >>/etc/fstab <> /etc/fstab << EOF vartmp /var/tmp tmpfs defaults 0 0 EOF # work around for poor key import UI in PackageKit -# rm -f /var/lib/rpm/__db* +rm -f /var/lib/rpm/__db* echo "Packages within this LiveCD" -rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' | sort -rn +rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn # Note that running rpm recreates the rpm db files which aren't needed or wanted rm -f /var/lib/rpm/__db* # go ahead and pre-make the man -k cache (#455968) -/usr/bin/mandb -c +/usr/bin/mandb + +# make sure there aren't core files lying around +rm -f /core* # remove random seed, the newly installed instance should make it's own rm -f /var/lib/systemd/random-seed @@ -33,12 +36,9 @@ rm -f /var/lib/systemd/random-seed echo 'File created by katsu. See systemd-update-done.service(8).' | tee /etc/.updated >/var/.updated -# Set locales in chroot -cat >/etc/locale.conf </etc/locale.conf < "$anaconda_dir/01-selinux.ks" << EOF - -%post -echo "Setting up SELinux..." -setfiles -F -e /proc -e /sys -e /dev -e /bin /etc/selinux/targeted/contexts/files/file_contexts / || true -setfiles -F -e /proc -e /sys -e /dev /etc/selinux/targeted/contexts/files/file_contexts.bin /bin || true - -%end - -EOF - - # Delete the firefox redhat configs, debranding rm -rf /usr/lib64/firefox/browser/defaults/preferences/firefox-redhat-default-prefs.js - - -# Disable sysroot.mount -systemctl disable sysroot.mount || true