install: Change no-SELinux -> SELinux to a warning && serialize to aleph #420
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
cc osbuild/osbuild#1682 which motivated this |
|
Also @ckyrouac - this issue was also what you hit originally right way back? I guess now that we have podman-bootc to streamline this it matters less, but I am curious if this direct support would help you now. |
jeckersb
reviewed
Mar 22, 2024
cgwalters
force-pushed
the
allow-no-selinux
branch
from
eb41fc2
to
cdb6922
Compare
|
(Or of course, maybe we just try to kill off the "setenforce 0" path because it shouldn't be necessary anymore...) |
cgwalters
force-pushed
the
allow-no-selinux
branch
from
cdb6922
to
9735ec5
Compare
|
TF can't deploy aarch64 runner this weekend. I'll ping TF guys on Monday. |
We believe we have almost all the labeling work here covered, so degrade this to a warning. Signed-off-by: Colin Walters <[email protected]>
We want to support the "installing SELinux target from SELinux-disabled host" - but in case we run into problems, let's serialize the state of things at install time into the aleph data, for the same reason we save other relevant environmental data like the kernel version. Signed-off-by: Colin Walters <[email protected]>
This avoids a dead code warning on newer rustc. Also, it's just better because if we fail to re-invoke `setenforce 1` this should be a fatal error probably. Signed-off-by: Colin Walters <[email protected]>
cgwalters
force-pushed
the
allow-no-selinux
branch
from
46604b7
to
7842a61
Compare
jeckersb
approved these changes
Mar 25, 2024
| // At this point, all other threads should be gone. | ||
| if let Some(state) = Arc::into_inner(state) { | ||
| // If we had invoked `setenforce 0`, then let's re-enable it. | ||
| match state.selinux_state { |
There was a problem hiding this comment.
clippy prefers if let here since it's only destructuring a single pattern... but there's also other preexisting things it's complaining about, so I'll just let a few accumulate and do a separate PR to clean them up all at once.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
install: Change no-SELinux -> SELinux to a warning
We believe we have almost all the labeling work here covered,
so degrade this to a warning.
Signed-off-by: Colin Walters [email protected]
install: Change SELinux state into enum, serialize to aleph
We want to support the "installing SELinux target from SELinux-disabled
host" - but in case we run into problems, let's serialize the state
of things at install time into the aleph data, for the same reason
we save other relevant environmental data like the kernel version.
Signed-off-by: Colin Walters [email protected]