update selinux_hook.chroot
parent
0269734d8d
commit
5df9f4473e
|
@ -2,39 +2,36 @@
|
||||||
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
#
|
#
|
||||||
# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me)
|
# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Install required SELinux packages
|
# Install required SELinux packages
|
||||||
chroot $1 apt update
|
apt -y install selinux-basics selinux-policy-default auditd
|
||||||
chroot $1 apt -y install selinux-basics selinux-policy-default auditd
|
|
||||||
|
|
||||||
# Initialize SELinux
|
# Initialize SELinux
|
||||||
chroot $1 selinux-activate
|
selinux-activate
|
||||||
|
|
||||||
# Restart auditd service
|
# Restart auditd service
|
||||||
chroot $1 systemctl restart auditd
|
systemctl restart auditd
|
||||||
|
|
||||||
# Enable SELinux policy activation on boot
|
# Enable SELinux policy activation on boot
|
||||||
chroot $1 systemctl enable selinux-policy-activate
|
systemctl enable selinux-policy-activate
|
||||||
|
|
||||||
# Disable AppArmor
|
# Disable AppArmor
|
||||||
chroot $1 systemctl disable apparmor
|
systemctl disable apparmor
|
||||||
chroot $1 systemctl stop apparmor
|
systemctl stop apparmor
|
||||||
chroot $1 apt -y purge apparmor
|
apt -y purge apparmor
|
||||||
|
|
||||||
# Additional configuration (optional)
|
# Additional configuration (optional)
|
||||||
# Here you can add commands to adjust policies or configure additional rules
|
# Here you can add commands to adjust policies or configure additional rules
|
||||||
|
|
||||||
# Set SELinux to enforcing mode
|
# Set SELinux to enforcing mode
|
||||||
chroot $1 /usr/sbin/setenforce 1
|
/usr/sbin/setenforce 1
|
||||||
|
|
||||||
# Configure file contexts (example)
|
# Configure file contexts (example)
|
||||||
chroot $1 /sbin/restorecon -Rv /etc/
|
/sbin/restorecon -Rv /etc/
|
||||||
|
|
||||||
# Allow HTTPD scripts and modules to connect to the network (example)
|
# Allow HTTPD scripts and modules to connect to the network (example)
|
||||||
chroot $1 /usr/sbin/setsebool -P httpd_can_network_connect 1
|
/usr/sbin/setsebool -P httpd_can_network_connect 1
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
|
|
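Review bot: `set -e` appears only on the old side of this rendering (the +/- markers are lost, so the side is inferred), and without it a failed `apt -y install selinux-basics selinux-policy-default auditd` or `selinux-activate` no longer stops the hook. `apt -y purge apparmor` and the final `exit 0` still run, so the image can ship with AppArmor removed and no working SELinux policy while the build reports success; restore `set -e` near the top of the script. Assuming this hook runs inside a build chroot, as the file name suggests, `/usr/sbin/setenforce 1` targets the running kernel of the build host (or fails when SELinux is not enabled there), and the `systemctl restart`/`stop` calls have no image service to act on. Enforcing mode for the installed system is normally set with `SELINUX=enforcing` in `/etc/selinux/config`. The line `/usr/sbin/setsebool -P httpd_can_network_connect 1` is labelled an example but relaxes policy on every image, so it should be dropped or commented out unless a web server that needs it is shipped.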
@ -2,39 +2,36 @@
|
||||||
|
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
#
|
#
|
||||||
# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me)
|
# SPDX-FileCopyrightText: 2023 PeppemrintOS Team (peppermintosteam@proton.me
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Install required SELinux packages
|
# Install required SELinux packages
|
||||||
chroot $1 apt update
|
apt -y install selinux-basics selinux-policy-default auditd
|
||||||
chroot $1 apt -y install selinux-basics selinux-policy-default auditd
|
|
||||||
|
|
||||||
# Initialize SELinux
|
# Initialize SELinux
|
||||||
chroot $1 selinux-activate
|
selinux-activate
|
||||||
|
|
||||||
# Restart auditd service
|
# Restart auditd service
|
||||||
chroot $1 systemctl restart auditd
|
systemctl restart auditd
|
||||||
|
|
||||||
# Enable SELinux policy activation on boot
|
# Enable SELinux policy activation on boot
|
||||||
chroot $1 systemctl enable selinux-policy-activate
|
systemctl enable selinux-policy-activate
|
||||||
|
|
||||||
# Disable AppArmor
|
# Disable AppArmor
|
||||||
chroot $1 systemctl disable apparmor
|
systemctl disable apparmor
|
||||||
chroot $1 systemctl stop apparmor
|
systemctl stop apparmor
|
||||||
chroot $1 apt -y purge apparmor
|
apt -y purge apparmor
|
||||||
|
|
||||||
# Additional configuration (optional)
|
# Additional configuration (optional)
|
||||||
# Here you can add commands to adjust policies or configure additional rules
|
# Here you can add commands to adjust policies or configure additional rules
|
||||||
|
|
||||||
# Set SELinux to enforcing mode
|
# Set SELinux to enforcing mode
|
||||||
chroot $1 /usr/sbin/setenforce 1
|
/usr/sbin/setenforce 1
|
||||||
|
|
||||||
# Configure file contexts (example)
|
# Configure file contexts (example)
|
||||||
chroot $1 /sbin/restorecon -Rv /etc/
|
/sbin/restorecon -Rv /etc/
|
||||||
|
|
||||||
# Allow HTTPD scripts and modules to connect to the network (example)
|
# Allow HTTPD scripts and modules to connect to the network (example)
|
||||||
chroot $1 /usr/sbin/setsebool -P httpd_can_network_connect 1
|
/usr/sbin/setsebool -P httpd_can_network_connect 1
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
|
|