Force SELinux to be in permissive mode

The Fedora based ramdisk is outright broken with SELinux enforcing. TripleO actually ships its ramdisks with selinux-permissive, let's do the same. Change-Id: Icfec4b8109a0ddefeb0f200c3fd1f1e2de104839
2020-11-02 10:49:22 +01:00 · 2020-11-02 10:49:22 +01:00 · 5eebab3fc1
commit 5eebab3fc1
parent adf9a76ecd
3 changed files with 8 additions and 2 deletions
--- a/dib/ironic-python-agent-ramdisk/element-deps
+++ b/dib/ironic-python-agent-ramdisk/element-deps
@ -6,5 +6,6 @@ package-installs
 pip-and-virtualenv
 pkg-map
 runtime-ssh-host-keys
+selinux-permissive
 source-repositories
 svc-map
--- a/doc/source/admin/dib.rst
+++ b/doc/source/admin/dib.rst
@ -123,8 +123,7 @@ The *dynamic-login* element allows the operator to inject an SSH key at boot
 time via the kernel command line parameters:

 * Add ``sshkey="ssh-rsa <your public key here>"`` to ``pxe_append_params``
-  setting in the ``ironic.conf`` file. Disabling SELinux is required for
-  systems where it is enabled, it can be done with ``selinux=0``.
+  setting in the ``ironic.conf`` file.

  .. warning:: Quotation marks around the public key are important!

--- a/releasenotes/notes/selinux-permissive-a059f42bb66373a1.yaml
+++ b/releasenotes/notes/selinux-permissive-a059f42bb66373a1.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    The DIB-based ramdisk is now always built with SELinux set to permissive.
+    Enabling SELinux may result in broken ramdisks and does not make much
+    sense for IPA anyway.