[Ovirt-devel] [PATCH ovirt-node-image] do not require SELinux build host if disabled in kickstart
Jim Meyering
jim at meyering.net
Tue Sep 23 18:38:09 UTC 2008
Alan Pevec <apevec at redhat.com> wrote:
> Signed-off-by: Alan Pevec <apevec at redhat.com>
> ---
> ovirt-node-image.spec.in | 18 +++++++++++++-----
> 1 files changed, 13 insertions(+), 5 deletions(-)
>
> diff --git a/ovirt-node-image.spec.in b/ovirt-node-image.spec.in
> index 6483fe4..838ff43 100644
> --- a/ovirt-node-image.spec.in
> +++ b/ovirt-node-image.spec.in
> @@ -59,15 +59,23 @@ mkdir -p %{ovirt_cache_dir}/node-image-tmp
> mkdir -p %{ovirt_cache_dir}/yum
>
> sudo su - -c "cd $(pwd) &&
> - case $(cat /selinux/enforce 2>/dev/null) in
> - 1) enforcing=1 ; setenforce 0 ;;
> - 0) enforcing=0 ;;
> - *) echo SELinux must be enabled; exit 1 ;;
> + enforcing=$(cat /selinux/enforce 2>/dev/null)
> + case x\$enforcing in
> + x1) setenforce 0 ;;
> + x0) ;;
> + *) if ksflatten %{name}.ks 2>/dev/null \
> + | grep -q 'selinux --disabled'; then
Probably won't ever matter, but...
you could add '^[[:space:]]', in case there's ever leading spaces,
it's #-commented (if ksflatten doesn't eliminate those), or that string
happens to occur within some other construct, like a grep argument ;-)
| grep -q '^[[:space:]]*selinux[[:space:]]*--disabled'; then
> + echo WARNING: SELinux disabled in kickstart
> + else
> + echo ERROR: SELinux enabled in kickstart, \
> + but disabled on the build machine
> + exit 1
> + fi ;;
> esac
> livecd-creator --skip-minimize -c %{name}.ks -f %{name} \
> --tmpdir='%{ovirt_cache_dir}/node-image-tmp' \
> --cache='%{ovirt_cache_dir}/yum'
> - setenforce \$enforcing"
> + setenforce \$enforcing 2>/dev/null"
I'd prefer not to discard setenforce diagnostics, and to run it only
if necessary, so how about invoking it only when $enforcing is 1 ?
test x\$enforcing = x1 && setenforce 1"
More information about the ovirt-devel
mailing list