From 1687093a439b480f1e1240a87378aa771febd8d0 Mon Sep 17 00:00:00 2001 From: Marek Belisko Date: Tue, 4 Aug 2020 13:50:25 +0200 Subject: [PATCH] mender-convert-modify: Check is selinux is configured in enforce mode and force rootfs-relabel Changelog: Title CentOS 8 converted image cannot boot to login shell: user: no shell: permission denied It turns out that issue was caused by selinux. Idea for relabeling rootfs was inspired by this post: https://forums.centos.org/viewtopic.php?t=48714 Removing of /.autorelabel after action is done automatically and it's necessary. Signed-off-by: Marek Belisko --- mender-convert-modify | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/mender-convert-modify b/mender-convert-modify index 3bd4c77..9c5f343 100755 --- a/mender-convert-modify +++ b/mender-convert-modify @@ -270,6 +270,19 @@ ${boot_part_device} ${boot_part_mountpoint} auto defaults,sync ${data_part_device} /data auto ${MENDER_DATA_PART_FSTAB_OPTS} 0 0 EOF" +# +# Make sure to re-label rootfs when selinux is in enforcing mode +# e.g. CentOS8 after conversion cannot start login shell due selinux +# inspired by: https://forums.centos.org/viewtopic.php?t=48714 +# +if [ -f work/rootfs/etc/selinux/config ]; then + grep -r 'SELINUX=Enforcing' work/rootfs/etc/selinux/config || true + if [ $? -eq 0 ]; then + log_info "Selinux is in enforcing mode. Enable autorelabel" + touch work/rootfs/.autorelabel + fi +fi + log_info "Performing platform specific modifications (if any)" for hook in "${PLATFORM_MODIFY_HOOKS[@]}"; do log_info "Running hook: $hook"