Merge pull request #877 from ajeddeloh/selinux-default

Turn on SELinux by default, remove dead code
coreos · Oct 18, 2019 · 2c1b78a · 2c1b78a
2 parents 355c46b + 5a4e5c7
commit 2c1b78a
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 69 deletions.
diff --git a/internal/distro/distro.go b/internal/distro/distro.go
@@ -53,7 +53,7 @@ var (
 	xfsMkfsCmd   = "mkfs.xfs"
 
 	// Flags
-	selinuxRelabel  = "false"
+	selinuxRelabel  = "true"
 	blackboxTesting = "false"
 	// writeAuthorizedKeysFragment indicates whether to write SSH keys
 	// specified in the Ignition config as a fragment to
@@ -84,7 +84,7 @@ func SwapMkfsCmd() string  { return swapMkfsCmd }
 func VfatMkfsCmd() string  { return vfatMkfsCmd }
 func XfsMkfsCmd() string   { return xfsMkfsCmd }
 
-func SelinuxRelabel() bool  { return bakedStringToBool(selinuxRelabel) }
+func SelinuxRelabel() bool  { return bakedStringToBool(selinuxRelabel) && !BlackboxTesting() }
 func BlackboxTesting() bool { return bakedStringToBool(blackboxTesting) }
 func WriteAuthorizedKeysFragment() bool {
 	return bakedStringToBool(fromEnv("WRITE_AUTHORIZED_KEYS_FRAGMENT", writeAuthorizedKeysFragment))

diff --git a/tests/filesystem.go b/tests/filesystem.go
@@ -80,13 +80,8 @@ func prepareRootPartitionForPasswd(ctx context.Context, root *types.Partition) e
 	}
 
 	// TODO: use the architecture, not hardcode amd64
-	// copy to mountPath/usr/bin/id as it's used by Ignition via a chroot to the mountPath
-	_, err := run(ctx, "cp", "bin/amd64/id-stub", filepath.Join(mountPath, "usr", "bin", "id"))
-	if err != nil {
-		return err
-	}
 	// TODO: needed for user_group_lookup.c
-	_, err = run(ctx, "cp", "/lib64/libnss_files.so.2", filepath.Join(mountPath, "usr", "lib64"))
+	_, err := run(ctx, "cp", "/lib64/libnss_files.so.2", filepath.Join(mountPath, "usr", "lib64"))
 	return err
 }
 

diff --git a/tests/stubs/id-stub/main.go b/tests/stubs/id-stub/main.go