aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2015-05-08 17:10:51 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 04:28:17 +0200
commit61bb46a89b9f73055102b369451b6e64f63d45df (patch)
tree06d6b80e5d2cd191e014d7f414f8c5ef74b34881
parent82c1b5a67b250afbcb96c9460ff006f3d02c76cd (diff)
Remove the SELinux configuration option.
Since the default policy is no longer available in Jessie.
-rw-r--r--preseed.cfg5
-rw-r--r--src/fripost-postinst-udeb/debian/templates8
-rwxr-xr-xsrc/fripost-postinst-udeb/finish-install.d/07fripost37
3 files changed, 0 insertions, 50 deletions
diff --git a/preseed.cfg b/preseed.cfg
index 05f027d..66b1426 100644
--- a/preseed.cfg
+++ b/preseed.cfg
@@ -47,11 +47,6 @@ d-i fripost/partition-script string /cdrom/include/partition.sh
# for dropbear. (Default: false)
#d-i fripost/dropbear-use-openssh-key boolean false
-# Install and activate (in enforcing mode) SELinux? Note that activating
-# SELinux requires a dummy reboot to label all files. So if you have full-disk
-# encryption, you'll have to send the password twice to dropbear. (Default: false)
-#d-i fripost/activate-selinux boolean false
-
# Keep /media and its kids' entries in the fstab? /media (and its related
# entries in the fstab) can safely be removed on a headless server. (Default:
# false)
diff --git a/src/fripost-postinst-udeb/debian/templates b/src/fripost-postinst-udeb/debian/templates
index 1be33c0..9adf898 100644
--- a/src/fripost-postinst-udeb/debian/templates
+++ b/src/fripost-postinst-udeb/debian/templates
@@ -17,14 +17,6 @@ Default: false
Description: Use the same key for dropbear and OpenSSH?
If False, generate a dedicated key for dropbear.
-Template: fripost/activate-selinux
-Type: boolean
-Default: false
-Description: Install and activate (in enforcing mode) SELinux?
- Note that activating SELinux requires a dummy reboot to label all
- files. So if you have full-disk encryption, you'll have to send the
- password twice to dropbear.
-
Template: fripost/keep-media-directory
Type: boolean
Default: false
diff --git a/src/fripost-postinst-udeb/finish-install.d/07fripost b/src/fripost-postinst-udeb/finish-install.d/07fripost
index d4e05bb..e583d5a 100755
--- a/src/fripost-postinst-udeb/finish-install.d/07fripost
+++ b/src/fripost-postinst-udeb/finish-install.d/07fripost
@@ -133,43 +133,6 @@ cp /var/lib/fripost/sshd_config /target/etc/ssh/sshd_config
#######################################################################
-# Install and activate SELinux
-# TODO: would be better to have our own policy instead of amending the
-# default one.
-
-db_get fripost/activate-selinux
-if [ "$RET" = true ]; then
- progress "Installing SELinux"
- # Recommended packages include graphical tools...
- /bin/in-target /usr/bin/debconf-apt-progress --no-progress -- \
- apt-get -y install --no-install-recommends \
- selinux-basics selinux-policy-default selinux-policy-dev auditd
- progress "Activating SELinux"
- /bin/in-target /usr/sbin/selinux-activate
-
- sed -ri 's/^#?\s*(FSCKFIX)=(yes|no)\s*(\s#.*)?$/\1=yes/' \
- /target/etc/default/rcS
-
- progress "Running update-grub"
- grep -q '^GRUB_CMDLINE_LINUX=' /target/etc/default/grub \
- || fatal "Missing definition of 'GRUB_CMDLINE_LINUX' in /etc/default/grub"
- GRUB_CMDLINE="console=tty0 security=selinux enforcing=1"
- # ^ TODO: we should leave (non SELinux-related) existing
- # configuration options
- sed -ri "s/^(GRUB_CMDLINE_LINUX)=.*/\1=\"$GRUB_CMDLINE\"/" \
- /target/etc/default/grub
- /bin/in-target /usr/sbin/update-grub
-
- if /bin/in-target /bin/sh -c "dpkg-query -s postfix >/dev/null 2>&1"; then
- progress "Running postfix-nochroot"
- echo 'SYNC_CHROOT=n' >> /target/etc/default/postfix
- /bin/in-target /usr/sbin/postfix-nochroot
- fi
- # TODO: in a crontab: check-selinux-installation
-fi
-
-
-#######################################################################
# Remove unnecessary packages
# TODO: check for dummy packages / RCs in a weekly crontab.