diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-09 12:26:11 +0200 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-07-10 18:52:29 +0200 |
| commit | dedd712dd9b4883678765b9bc1a8ac349cf24f3b (patch) | |
| tree | 583ad04649c6a0200c26b4fa363f70fe5406677f /mkosi.conf | |
| parent | mkosi: Don't fail if /var/log/journal does not exist (diff) | |
| download | systemd-dedd712dd9b4883678765b9bc1a8ac349cf24f3b.tar.xz systemd-dedd712dd9b4883678765b9bc1a8ac349cf24f3b.zip | |
TEST-06-SELINUX: Various fixes
- Stop installing the policy in the initramfs as it's not really
supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221)
- Stop relabeling on first boot and prefer to do it at image build time
- Disable mkosi relabeling by default but enable it in CI
- Build image as root in CI so the SELinux relabeling works properly
Diffstat (limited to 'mkosi.conf')
| -rw-r--r-- | mkosi.conf | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/mkosi.conf b/mkosi.conf index c90f5bfc77..96fb992497 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -11,7 +11,6 @@ BuildDirectory=build/mkosi.builddir CacheDirectory=build/mkosi.cache [Content] -SELinuxRelabel=no BuildSourcesEphemeral=yes Autologin=yes @@ -24,6 +23,10 @@ ExtraTrees= Environment= SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F +# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time +# and results in lots of errors when building images as a regular user. +SELinuxRelabel=no + # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in # various scenarios. Consider adding support for a credential instead if possible and using that. KernelCommandLine=systemd.crash_shell |