Allow overriding selinux when host has selinux enabled
Signed-off-by: ckyrouac <[email protected]>
ckyrouac committed Feb 13, 2024
1 parent f5e6a93 commit 5708cfb
Showing 1 changed file with 4 additions and 4 deletions.
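--- a/lib/src/install.rs
+++ b/lib/src/install.rs
@@ -732,7 +732,10 @@ pub(crate) fn reexecute_self_for_selinux_if_needed(
 if srcdata.selinux {
 let host_selinux = crate::lsm::selinux_enabled()?;
 tracing::debug!("Target has SELinux, host={host_selinux}");
-if host_selinux {
+if override_disable_selinux {
+ret_did_override = true;
+println!("notice: Target has SELinux enabled, overriding to disable")
+} else if host_selinux {
 // /sys/fs/selinuxfs is not normally mounted, so we do that now.
 // Because SELinux enablement status is cached process-wide and was very likely
 // already queried by something else (e.g. glib's constructor), we would also need
@@ -741,9 +744,6 @@ pub(crate) fn reexecute_self_for_selinux_if_needed(
 crate::lsm::container_setup_selinux()?;
 // This will re-execute the current process (once).
 g = crate::lsm::selinux_ensure_install_or_setenforce()?;
-} else if override_disable_selinux {
-ret_did_override = true;
-println!("notice: Target has SELinux enabled, overriding to disable")
 } else if std::env::var_os(skip_check_envvar).is_some() {
 eprintln!(
 "Host kernel does not have SELinux support, but target enables it by default; {} is set, continuing anyways",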
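Review bot: The override branch, now tested first, reports the SELinux downgrade only through `println!` on stdout, whereas the neighbouring skip-check branch uses `eprintln!`. Because the branch now also fires on SELinux-enabled hosts and bypasses `container_setup_selinux()` and the re-exec, the target is presumably installed without SELinux handling, and that should be recorded where it survives stdout redirection, e.g. `tracing::warn!("Target has SELinux enabled, overriding to disable (host={host_selinux})");`. A short comment above the branch, such as `// Explicit override wins over host state: no selinuxfs mount, no re-exec.`, would make clear that the ordering is deliberate. The function starts and ends outside the hunk, so how `ret_did_override` is consumed cannot be checked from here.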
