[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Ovirt-devel] [PATCH ovirt-node-image] do not require SELinux build host if disabled in kickstart



Jim Meyering wrote:
Probably won't ever matter, but...
you could add '^[[:space:]]', in case there's ever leading spaces,
it's #-commented (if ksflatten doesn't eliminate those), or that string
happens to occur within some other construct, like a grep argument ;-)

yes, ksflatten eliminates all comments and produces canonical output, so changing regexp to:
'^selinux --disabled$'

+              setenforce \$enforcing 2>/dev/null"

I'd prefer not to discard setenforce diagnostics, and to run it only
if necessary, so how about invoking it only when $enforcing is 1 ?

              test x\$enforcing = x1 && setenforce 1"

applied, thanks

From ae098b5f49f2158e0029cb95a48c943414d1b551 Mon Sep 17 00:00:00 2001
From: Alan Pevec <apevec redhat com>
Date: Tue, 23 Sep 2008 19:21:14 +0200
Subject: [PATCH ovirt-node-image] do not require SELinux enabled build host if disabled in kickstart

Signed-off-by: Alan Pevec <apevec redhat com>
---
 ovirt-node-image.spec.in |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in
index 6483fe4..e0c0b77 100644
--- a/ovirt-node-image.spec.in
+++ b/ovirt-node-image.spec.in
@@ -59,15 +59,23 @@ mkdir -p %{ovirt_cache_dir}/node-image-tmp
 mkdir -p %{ovirt_cache_dir}/yum
 
 sudo su - -c "cd $(pwd) &&
-              case $(cat /selinux/enforce 2>/dev/null) in
-                  1) enforcing=1 ; setenforce 0 ;;
-                  0) enforcing=0 ;;
-                  *) echo SELinux must be enabled; exit 1 ;;
+              enforcing=$(cat /selinux/enforce 2>/dev/null)
+              case x\$enforcing in
+                  x1) setenforce 0 ;;
+                  x0) ;;
+                   *) if ksflatten %{name}.ks 2>/dev/null \
+                        | grep -q '^selinux --disabled$'; then
+                        echo WARNING: SELinux disabled in kickstart
+                      else
+                        echo ERROR: SELinux enabled in kickstart, \
+                             but disabled on the build machine
+                        exit 1
+                      fi ;;
               esac
               livecd-creator --skip-minimize -c %{name}.ks -f %{name} \
                --tmpdir='%{ovirt_cache_dir}/node-image-tmp' \
                --cache='%{ovirt_cache_dir}/yum'
-              setenforce \$enforcing"
+              test x\$enforcing = x1 && setenforce 1"
 sudo su - -c "cd $(pwd) && ./ovirt-pxe %{name}.iso"
 sudo su - -c "cd $(pwd) && chown -R $USER ."
 
-- 
1.5.5.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]