Turn selinux back on after cloud-init

After cloud-init has run configuration steps, turn on selinux again for security reasons. Change-Id: I12a5b2ff3e71be39aa84093fce8b1c2b1be9d473 Closes-Bug: 1543308
2016-02-09 10:19:51 -05:00 · 2016-02-09 10:19:51 -05:00 · cf85c5ac03
commit cf85c5ac03
parent 2d6b4c6cce
5 changed files with 6 additions and 8 deletions
--- a/magnum/templates/kubernetes/fragments/disable-selinux.sh
+++ b/magnum/templates/kubernetes/fragments/disable-selinux.sh
@ -2,7 +2,3 @@
 #!/bin/sh

 setenforce 0
-
-sed -i '
-  /^SELINUX=/ s/=.*/=permissive/
-' /etc/selinux/config
--- a/magnum/templates/kubernetes/fragments/enable-services-master.sh
+++ b/magnum/templates/kubernetes/fragments/enable-services-master.sh
@ -9,3 +9,5 @@ for service in etcd docker kube-apiserver kubelet; do
    systemctl enable $service
    systemctl --no-block start $service
 done
+
+setenforce 1
--- a/magnum/templates/kubernetes/fragments/enable-services-minion.sh
+++ b/magnum/templates/kubernetes/fragments/enable-services-minion.sh
@ -15,3 +15,5 @@ for service in docker kubelet; do
    systemctl enable $service
    systemctl --no-block start $service
 done
+
+setenforce 1
--- a/magnum/templates/swarm/fragments/disable-selinux.sh
+++ b/magnum/templates/swarm/fragments/disable-selinux.sh
@ -2,7 +2,3 @@
 #!/bin/sh

 setenforce 0
-
-sed -i '
-  /^SELINUX=/ s/=.*/=permissive/
-' /etc/selinux/config
--- a/magnum/templates/swarm/fragments/enable-services.sh
+++ b/magnum/templates/swarm/fragments/enable-services.sh
@ -7,3 +7,5 @@ for service in $NODE_SERVICES; do
    systemctl enable $service
    systemctl --no-block start $service
 done
+
+setenforce 1