build-rootfs: Disable SELinux for now
Until we have a working CI pipeline that can appropriately manage the SELinux policy in the target environment, anyway.gentoo
parent
62cdb405a3
commit
238c3aff05
|
|
@ -96,6 +96,7 @@ if ! grep -q Include /mnt/gentoo/etc/ssh/sshd_config; then
|
||||||
>> /mnt/gentoo/etc/ssh/sshd_config
|
>> /mnt/gentoo/etc/ssh/sshd_config
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
case ${profile} in *selinux*)
|
||||||
# Although `semanage` accepts a `--store` argument that supposedly
|
# Although `semanage` accepts a `--store` argument that supposedly
|
||||||
# instructs it to operate on an alternate SELinux policy store, it
|
# instructs it to operate on an alternate SELinux policy store, it
|
||||||
# doesn't actually work. As such, we have to run `semanage` in an
|
# doesn't actually work. As such, we have to run `semanage` in an
|
||||||
|
|
@ -117,5 +118,7 @@ setfiles \
|
||||||
-e /mnt/gentoo/etc/portage \
|
-e /mnt/gentoo/etc/portage \
|
||||||
/mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
|
/mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
|
||||||
/mnt/gentoo
|
/mnt/gentoo
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
touch /mnt/gentoo/usr
|
touch /mnt/gentoo/usr
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,5 @@
|
||||||
net-misc/openssh
|
net-misc/openssh
|
||||||
net-misc/wget
|
net-misc/wget
|
||||||
sec-policy/selinux-aimee-os
|
|
||||||
sys-apps/busybox
|
sys-apps/busybox
|
||||||
sys-apps/systemd
|
sys-apps/systemd
|
||||||
sys-fs/btrfs-progs
|
sys-fs/btrfs-progs
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue