TEST-06-SELINUX: Various fixes

- Stop installing the policy in the initramfs as it's not really supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221) - Stop relabeling on first boot and prefer to do it at image build time - Disable mkosi relabeling by default but enable it in CI - Build image as root in CI so the SELinux relabeling works properly
author: Daan De Meyer <daan.j.demeyer@gmail.com> 2024-07-09 12:26:11 +0200
committer: Daan De Meyer <daan.j.demeyer@gmail.com> 2024-07-10 18:52:29 +0200
commit: dedd712dd9b4883678765b9bc1a8ac349cf24f3b (patch)
tree: 583ad04649c6a0200c26b4fa363f70fe5406677f /.github/workflows/mkosi.yml
parent: mkosi: Don't fail if /var/log/journal does not exist (diff)
download: systemd-dedd712dd9b4883678765b9bc1a8ac349cf24f3b.tar.xz
systemd-dedd712dd9b4883678765b9bc1a8ac349cf24f3b.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index d2aa7f7b79..a4a7a76149 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -59,36 +59,43 @@ jobs:
             sanitizers: ""
             llvm: 0
             cflags: "-O2 -D_FORTIFY_SOURCE=3"
+            relabel: no
           - distro: debian
             release: testing
             sanitizers: ""
             llvm: 0
             cflags: "-Og"
+            relabel: no
           - distro: ubuntu
             release: noble
             sanitizers: ""
             llvm: 0
             cflags: "-Og"
+            relabel: no
           - distro: fedora
             release: "40"
             sanitizers: ""
             llvm: 0
             cflags: "-Og"
+            relabel: yes
           - distro: fedora
             release: rawhide
             sanitizers: address,undefined
             llvm: 1
             cflags: "-Og"
+            relabel: yes
           - distro: opensuse
             release: tumbleweed
             sanitizers: ""
             llvm: 0
             cflags: "-Og"
+            relabel: no
           - distro: centos
             release: "9"
             sanitizers: ""
             llvm: 0
             cflags: "-Og"
+            relabel: yes
 
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
@@ -141,6 +148,8 @@ jobs:
                 MESON_OPTIONS=--werror
                 LLVM=${{ matrix.llvm }}
 
+        SELinuxRelabel=${{ matrix.relabel }}
+
         [Host]
         QemuMem=4G
         # We build with debuginfo so there's no point in mounting the sources into the machine.
@@ -187,7 +196,7 @@ jobs:
             -Dvmspawn=enabled
 
     - name: Build image
-      run: meson compile -C build mkosi
+      run: sudo meson compile -C build mkosi
 
     - name: Run integration tests
       run: sudo --preserve-env meson test -C build --no-rebuild --suite integration-tests --print-errorlogs --no-stdsplit --num-processes "$(($(nproc) - 1))"
author	Daan De Meyer <daan.j.demeyer@gmail.com>	2024-07-09 12:26:11 +0200
committer	Daan De Meyer <daan.j.demeyer@gmail.com>	2024-07-10 18:52:29 +0200
commit	dedd712dd9b4883678765b9bc1a8ac349cf24f3b (patch)
tree	583ad04649c6a0200c26b4fa363f70fe5406677f /.github/workflows/mkosi.yml
parent	mkosi: Don't fail if /var/log/journal does not exist (diff)
download	systemd-dedd712dd9b4883678765b9bc1a8ac349cf24f3b.tar.xz systemd-dedd712dd9b4883678765b9bc1a8ac349cf24f3b.zip