openstack/diskimage-builder
Code Issues Proposed changes

Fix CentOS image build failure when dib runs on system where audit disabled

Browse Source 
Without this fix, building a CentOS image on Ubuntu where audit=0 is passed
as a kernel boot parameter will lead to the following error:
disk-image-create centos7 dhcp-all-interfaces cloud-init-nocloud \
    devuser yum epel baremetal
... dib-run-parts Running tmpdir/hooks/cleanup.d/99-selinux-fixfiles-restore
... Error connecting to audit system.

Change-Id: I229d9b72f88bffddca42da57f01c27e902427071
This commit is contained in:
Olivier Bourdon 2018-04-07 14:36:59 +02:00
parent b602c05551
commit 7566819139
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
diskimage_builder/elements/rpm-distro/cleanup.d/99-selinux-fixfiles-restore
View File

@ -66,6 +66,10 @@ fi
IFS='|' read -ra SPLIT_MOUNTS <<< "$DIB_MOUNTPOINTS" IFS='|' read -ra SPLIT_MOUNTS <<< "$DIB_MOUNTPOINTS"
for MOUNTPOINT in "${SPLIT_MOUNTS[@]}"; do for MOUNTPOINT in "${SPLIT_MOUNTS[@]}"; do
if [ "${MOUNTPOINT}" != "/tmp/in_target.d" ] && [ "${MOUNTPOINT}" != "/dev" ] && [ "${MOUNTPOINT}" != "/boot/efi" ]; then if [ "${MOUNTPOINT}" != "/tmp/in_target.d" ] && [ "${MOUNTPOINT}" != "/dev" ] && [ "${MOUNTPOINT}" != "/boot/efi" ]; then
if ! pgrep kauditd >/dev/null; then
echo "*** kauditd not found, suggesting auditing support is disabled in the host kernel. setfiles will fail without this, please enable and rebuild"
exit 1
fi
sudo ${_runcon} chroot ${TARGET_ROOT} \ sudo ${_runcon} chroot ${TARGET_ROOT} \
/usr/sbin/setfiles -F ${_dash_m} \ /usr/sbin/setfiles -F ${_dash_m} \
/etc/selinux/targeted/contexts/files/file_contexts ${MOUNTPOINT} /etc/selinux/targeted/contexts/files/file_contexts ${MOUNTPOINT}