Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set SELinux in permissive mode on recovery, leave default on active #1395

Merged

Conversation

davidcassany
Copy link
Contributor

@davidcassany davidcassany commented May 2, 2024

Fixes #1361
Part of #1362

@davidcassany davidcassany requested a review from a team as a code owner May 2, 2024 09:52
@davidcassany davidcassany marked this pull request as draft May 2, 2024 09:52
@davidcassany davidcassany force-pushed the set_k3s_selinux_image_in_enforce_mode branch 3 times, most recently from f704c40 to e39369c Compare May 3, 2024 13:42
@davidcassany davidcassany marked this pull request as ready for review May 6, 2024 11:43
@davidcassany
Copy link
Contributor Author

I think this is ready to be merged. I manually tested k3s provisioning from an ISO including these changes and I also checked upgrading from staging to this image works and after reboot the system is on enforcing mode.

@davidcassany davidcassany force-pushed the set_k3s_selinux_image_in_enforce_mode branch from da96e70 to 987bab0 Compare May 8, 2024 09:47
Copy link
Contributor

@frelon frelon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but can probably be simplified after rancher/elemental-toolkit#2070 is merged 👍

@davidcassany davidcassany marked this pull request as draft May 8, 2024 15:33
@davidcassany
Copy link
Contributor Author

RKE2 provisioning is not fully functional as some files are not getting the appropriate labels. Digging a bit more to figure that out and waiting for rancher/elemental-toolkit#2070 to be merged as this will simplify this PR.

@davidcassany davidcassany force-pushed the set_k3s_selinux_image_in_enforce_mode branch from 0772d01 to f1ca0f6 Compare May 10, 2024 12:18
@davidcassany davidcassany marked this pull request as ready for review May 10, 2024 12:19
Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: David Cassany <dcassany@suse.com>
@davidcassany davidcassany force-pushed the set_k3s_selinux_image_in_enforce_mode branch from f1ca0f6 to 5d01dd0 Compare May 13, 2024 12:54
@davidcassany davidcassany merged commit a267562 into rancher:main May 14, 2024
19 checks passed
@davidcassany davidcassany deleted the set_k3s_selinux_image_in_enforce_mode branch May 14, 2024 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

[SELinux] K3s provisioning
2 participants