From 44b2e77979dea95bfabdd712eccb8c3a69b36470 Mon Sep 17 00:00:00 2001
From: Hongbin Lu
Date: Tue, 8 Mar 2016 14:26:24 -0500
Subject: [PATCH] Enable SELinux in swarm bay

SELinux is an important security features. We need to turn it on after cloud-init. This patch did that for swarm.

Change-Id: I1862a63498613535741c3aae9c0378911ec21315
Partial-Bug: #1543308
---
 magnum/templates/swarm/fragments/disable-selinux.sh | 4 ----
 magnum/templates/swarm/fragments/enable-services.sh | 2 ++
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/magnum/templates/swarm/fragments/disable-selinux.sh b/magnum/templates/swarm/fragments/disable-selinux.sh
index 888c0e4467..49e9dc79a8 100644
--- a/magnum/templates/swarm/fragments/disable-selinux.sh
+++ b/magnum/templates/swarm/fragments/disable-selinux.sh
@@ -2,7 +2,3 @@
 #!/bin/sh
 
 setenforce 0
-
-sed -i '
- /^SELINUX=/ s/=.*/=permissive/
-' /etc/selinux/config
diff --git a/magnum/templates/swarm/fragments/enable-services.sh b/magnum/templates/swarm/fragments/enable-services.sh
index d0f064e403..1c7ed9790a 100644
--- a/magnum/templates/swarm/fragments/enable-services.sh
+++ b/magnum/templates/swarm/fragments/enable-services.sh
@@ -7,3 +7,5 @@ for service in $NODE_SERVICES; do
 systemctl enable $service
 systemctl --no-block start $service
 done
+
+setenforce 1
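Review bot: The added `setenforce 1` at the end of enable-services.sh runs right after a loop that starts each service with `systemctl --no-block start`, so the switch to enforcing can land while those units are still starting, and its result is never checked. If the mode change fails (for example on an image where SELinux is disabled rather than permissive), the node stays unenforced with nothing in the log; a guard such as `setenforce 1 || { echo "setenforce 1 failed" >&2; exit 1; }` followed by logging the output of `getenforce` would make that visible. The change is also runtime-only: with the `sed` on /etc/selinux/config removed from disable-selinux.sh, the mode after a reboot depends on what the image ships in that file, which is not visible here and is worth confirming. The `for` loop opens above the hunk, so whether anything later waits for the services to finish starting cannot be seen from this diff.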