From 5df9f4473e1ed188836d08e43e7ecee37a7a4b3a Mon Sep 17 00:00:00 2001
From: manuel
Date: Fri, 12 Jul 2024 12:52:15 +0000
Subject: [PATCH] update selinux_hook.chroot
---
.../normal/debsrv_64/0660-selinux_hook.chroot | 25 ++++++++-----------
.../normal/devsrv_64/0660-selinux_hook.chroot | 25 ++++++++-----------
2 files changed, 22 insertions(+), 28 deletions(-)
diff --git a/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot b/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot
index 2088f70f..618c5db1 100755
--- a/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot
+++ b/iso_configs/hooks/normal/debsrv_64/0660-selinux_hook.chroot
@@ -2,39 +2,36 @@ # SPDX-License-Identifier: GPL-3.0-or-later # -# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) - -set -e +# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me # Install required SELinux packages -chroot $1 apt update -chroot $1 apt -y install selinux-basics selinux-policy-default auditd + apt -y install selinux-basics selinux-policy-default auditd # Initialize SELinux -chroot $1 selinux-activate + selinux-activate # Restart auditd service -chroot $1 systemctl restart auditd + systemctl restart auditd # Enable SELinux policy activation on boot -chroot $1 systemctl enable selinux-policy-activate + systemctl enable selinux-policy-activate # Disable AppArmor -chroot $1 systemctl disable apparmor -chroot $1 systemctl stop apparmor -chroot $1 apt -y purge apparmor + systemctl disable apparmor + systemctl stop apparmor + apt -y purge apparmor # Additional configuration (optional) # Here you can add commands to adjust policies or configure additional rules # Set SELinux to enforcing mode -chroot $1 /usr/sbin/setenforce 1 + /usr/sbin/setenforce 1 # Configure file contexts (example) -chroot $1 /sbin/restorecon -Rv /etc/ + /sbin/restorecon -Rv /etc/ # Allow HTTPD scripts and modules to connect to the network (example) -chroot $1 /usr/sbin/setsebool -P httpd_can_network_connect 1 + /usr/sbin/setsebool -P httpd_can_network_connect 1 exit 0 diff --git a/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot b/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot index 2088f70f..618c5db1 100755 --- a/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot +++ b/iso_configs/hooks/normal/devsrv_64/0660-selinux_hook.chroot 
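Review bot: Dropping `set -e` at the top of the hook means a failed `apt -y install selinux-basics selinux-policy-default auditd` or `selinux-activate` no longer stops the script, so it goes on to `apt -y purge apparmor` and ends in `exit 0`; the image can then be built with AppArmor removed and no working SELinux, while the build reports success. I would keep `set -e`, and also the `apt update` unless an earlier hook refreshes the package lists, which is not visible here. Separately, `/usr/sbin/setenforce 1` only changes the mode of the running kernel, which during a chroot hook is presumably the build host rather than the installed system; the persistent setting is `SELINUX=enforcing` in `/etc/selinux/config`. `setsebool -P httpd_can_network_connect 1` is labelled an example but is applied to every image, so it deserves a comment or removal if these server images do not need httpd to open outbound connections. All of this applies equally to the identical devsrv_64 hunk, and the rewritten copyright line has lost its closing `)`.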
@@ -2,39 +2,36 @@ # SPDX-License-Identifier: GPL-3.0-or-later # -# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me) - -set -e +# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me # Install required SELinux packages -chroot $1 apt update -chroot $1 apt -y install selinux-basics selinux-policy-default auditd + apt -y install selinux-basics selinux-policy-default auditd # Initialize SELinux -chroot $1 selinux-activate + selinux-activate # Restart auditd service -chroot $1 systemctl restart auditd + systemctl restart auditd # Enable SELinux policy activation on boot -chroot $1 systemctl enable selinux-policy-activate + systemctl enable selinux-policy-activate # Disable AppArmor -chroot $1 systemctl disable apparmor -chroot $1 systemctl stop apparmor -chroot $1 apt -y purge apparmor + systemctl disable apparmor + systemctl stop apparmor + apt -y purge apparmor # Additional configuration (optional) # Here you can add commands to adjust policies or configure additional rules # Set SELinux to enforcing mode -chroot $1 /usr/sbin/setenforce 1 + /usr/sbin/setenforce 1 # Configure file contexts (example) -chroot $1 /sbin/restorecon -Rv /etc/ + /sbin/restorecon -Rv /etc/ # Allow HTTPD scripts and modules to connect to the network (example) -chroot $1 /usr/sbin/setsebool -P httpd_can_network_connect 1 + /usr/sbin/setsebool -P httpd_can_network_connect 1 exit 0