livemedia-creator: Check selinux state and exit
lmc --no-virt was switching selinux to permissive if it was enforcing and restore it when done. This works fine when it is the only session running, but would cause problems if it was run in parallel. It now only checks the state and exits with an error if it isn't already disabled or in Permissive mode. Users will need to run setenforce 0 before running lmc.
This commit is contained in:
parent
a7fb48d0da
commit
b91e79d9bc
@ -32,6 +32,7 @@ import glob
|
|||||||
import json
|
import json
|
||||||
from math import ceil
|
from math import ceil
|
||||||
import socket
|
import socket
|
||||||
|
import selinux
|
||||||
|
|
||||||
# Use pykickstart to calculate disk image size
|
# Use pykickstart to calculate disk image size
|
||||||
from pykickstart.parser import KickstartParser
|
from pykickstart.parser import KickstartParser
|
||||||
@ -663,19 +664,11 @@ def novirt_install(opts, disk_img, disk_size):
|
|||||||
:param str disk_img: The full path to the disk image to be created
|
:param str disk_img: The full path to the disk image to be created
|
||||||
:param int disk_size: The size of the disk_img in MiB
|
:param int disk_size: The size of the disk_img in MiB
|
||||||
|
|
||||||
This method makes sure SELinux is permissive during the install, runs anaconda
|
This method runs anaconda to create the image and then based on the opts
|
||||||
to create the image and then based on the opts passed create a qemu disk image
|
passed creates a qemu disk image or tarfile.
|
||||||
or tarfile.
|
|
||||||
"""
|
"""
|
||||||
import selinux
|
|
||||||
dirinstall_path = ROOT_PATH
|
dirinstall_path = ROOT_PATH
|
||||||
|
|
||||||
# Set selinux to Permissive if it is Enforcing
|
|
||||||
selinux_enforcing = False
|
|
||||||
if selinux.is_selinux_enabled() and selinux.security_getenforce():
|
|
||||||
selinux_enforcing = True
|
|
||||||
selinux.security_setenforce(0)
|
|
||||||
|
|
||||||
# Clean up /tmp/ from previous runs to prevent stale info from being used
|
# Clean up /tmp/ from previous runs to prevent stale info from being used
|
||||||
for path in ["/tmp/yum.repos.d/", "/tmp/yum.cache/"]:
|
for path in ["/tmp/yum.repos.d/", "/tmp/yum.cache/"]:
|
||||||
if os.path.isdir(path):
|
if os.path.isdir(path):
|
||||||
@ -763,9 +756,6 @@ def novirt_install(opts, disk_img, disk_size):
|
|||||||
dm_detach(dm_path)
|
dm_detach(dm_path)
|
||||||
loop_detach(get_loop_name(disk_img))
|
loop_detach(get_loop_name(disk_img))
|
||||||
|
|
||||||
if selinux_enforcing:
|
|
||||||
selinux.security_setenforce(1)
|
|
||||||
|
|
||||||
# qemu disk image is used by bare qcow2 images and by Vagrant
|
# qemu disk image is used by bare qcow2 images and by Vagrant
|
||||||
if opts.image_type:
|
if opts.image_type:
|
||||||
log.info("Converting %s to %s", disk_img, opts.image_type)
|
log.info("Converting %s to %s", disk_img, opts.image_type)
|
||||||
@ -1153,6 +1143,10 @@ def main():
|
|||||||
and not os.path.exists("/usr/sbin/anaconda"):
|
and not os.path.exists("/usr/sbin/anaconda"):
|
||||||
errors.append("no-virt requires anaconda to be installed.")
|
errors.append("no-virt requires anaconda to be installed.")
|
||||||
|
|
||||||
|
if is_install and opts.no_virt:
|
||||||
|
if selinux.is_selinux_enabled() and selinux.security_getenforce():
|
||||||
|
errors.append("selinux must be disabled or in Permissive mode.")
|
||||||
|
|
||||||
if opts.make_appliance and not opts.app_template:
|
if opts.make_appliance and not opts.app_template:
|
||||||
opts.app_template = joinpaths(opts.lorax_templates,
|
opts.app_template = joinpaths(opts.lorax_templates,
|
||||||
"appliance/libvirt.tmpl")
|
"appliance/libvirt.tmpl")
|
||||||
|
Loading…
Reference in New Issue
Block a user