The CentOS 6 base image has selinux set to disabled. Because of this, it
requires a stepping through permissive with a relabel during a reboot.
Unfortunately you can't have the scripts issue the reboot without
vagrant getting annoyed.
Change-Id: Ia46348162df9dc5deabf3a6d1907ca54cbd97b33
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
- # disable the default requiretty for sudo that Fedora and CentOS have
- config.vm.provision 'shell', path: 'remove_requiretty.sh'
-
# Do a full system update and force enforcing on (it's in permissive
# by default in the rackspace base images)
config.vm.provision 'shell', path: 'bootstrap.sh'
# Do a full system update and force enforcing on (it's in permissive
# by default in the rackspace base images)
config.vm.provision 'shell', path: 'bootstrap.sh'
+ # disable the default requiretty for sudo that Fedora and CentOS have
+ config.vm.provision 'shell', path: 'remove_requiretty.sh'
+
# Execute a system clean-up in prep for imaging so that this base
# image can be used for other Rackspace Vagrant configurations
config.vm.provision 'shell', path: 'system_reseal.sh'
# Execute a system clean-up in prep for imaging so that this base
# image can be used for other Rackspace Vagrant configurations
config.vm.provision 'shell', path: 'system_reseal.sh'
-# enable enforcing mode from the very start
-setenforce enforcing
+# vim: ts=4 sw=4 sts=4 et :
-# configure system for enforcing mode on next boot
-sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
+# Handle the occurance where SELINUX is actually disabled
+if [ `grep SELINUX=permissive /etc/selinux/config` ]; then
+ # enable enforcing mode from the very start
+ setenforce enforcing
-yum clean all
-yum update -y
+ # configure system for enforcing mode on next boot
+ sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
+else
+ sed -i 's/SELINUX=disabled/SELINUX=permissive/' /etc/selinux/config
+ touch /.autorelabel
+
+ echo "*******************************************"
+ echo "** SYSTEM REQUIRES A RESTART FOR SELINUX **"
+ echo "*******************************************"
+fi
+
+yum clean all -q
+yum update -y -q
-/bin/sed -i 's/requiretty/!requiretty/' /etc/sudoers;
+
+# Make sure we have the leading space so multiple runs
+# are idempotent
+/bin/sed -i 's/ requiretty/ !requiretty/' /etc/sudoers;
+# vim: sw=2 ts=2 sts=2 et :
+
+if [ -f /.autorelabel ]; then
+ echo "**********************************************"
+ echo "* SYSTEM REQUIRES RELABELING SKIPPING RESEAL *"
+ echo "* PLEASE RESTART SYSTEM AND RERUN *"
+ echo "* PROVISIONING SCRIPTS *"
+ echo "**********************************************"
+ exit 1;
+fi
+
# clean-up from any prior cloud-init networking
rm -rf /etc/sysconfig/network-scripts/{ifcfg,route}-eth*
# clean-up from any prior cloud-init networking
rm -rf /etc/sysconfig/network-scripts/{ifcfg,route}-eth*