aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/fripost-postinst-udeb/debian/templates8
-rwxr-xr-xsrc/fripost-postinst-udeb/finish-install.d/07fripost37
2 files changed, 0 insertions, 45 deletions
diff --git a/src/fripost-postinst-udeb/debian/templates b/src/fripost-postinst-udeb/debian/templates
index 1be33c0..9adf898 100644
--- a/src/fripost-postinst-udeb/debian/templates
+++ b/src/fripost-postinst-udeb/debian/templates
@@ -17,14 +17,6 @@ Default: false
Description: Use the same key for dropbear and OpenSSH?
If False, generate a dedicated key for dropbear.
-Template: fripost/activate-selinux
-Type: boolean
-Default: false
-Description: Install and activate (in enforcing mode) SELinux?
- Note that activating SELinux requires a dummy reboot to label all
- files. So if you have full-disk encryption, you'll have to send the
- password twice to dropbear.
-
Template: fripost/keep-media-directory
Type: boolean
Default: false
diff --git a/src/fripost-postinst-udeb/finish-install.d/07fripost b/src/fripost-postinst-udeb/finish-install.d/07fripost
index d4e05bb..e583d5a 100755
--- a/src/fripost-postinst-udeb/finish-install.d/07fripost
+++ b/src/fripost-postinst-udeb/finish-install.d/07fripost
@@ -133,43 +133,6 @@ cp /var/lib/fripost/sshd_config /target/etc/ssh/sshd_config
#######################################################################
-# Install and activate SELinux
-# TODO: would be better to have our own policy instead of amending the
-# default one.
-
-db_get fripost/activate-selinux
-if [ "$RET" = true ]; then
- progress "Installing SELinux"
- # Recommended packages include graphical tools...
- /bin/in-target /usr/bin/debconf-apt-progress --no-progress -- \
- apt-get -y install --no-install-recommends \
- selinux-basics selinux-policy-default selinux-policy-dev auditd
- progress "Activating SELinux"
- /bin/in-target /usr/sbin/selinux-activate
-
- sed -ri 's/^#?\s*(FSCKFIX)=(yes|no)\s*(\s#.*)?$/\1=yes/' \
- /target/etc/default/rcS
-
- progress "Running update-grub"
- grep -q '^GRUB_CMDLINE_LINUX=' /target/etc/default/grub \
- || fatal "Missing definition of 'GRUB_CMDLINE_LINUX' in /etc/default/grub"
- GRUB_CMDLINE="console=tty0 security=selinux enforcing=1"
- # ^ TODO: we should leave (non SELinux-related) existing
- # configuration options
- sed -ri "s/^(GRUB_CMDLINE_LINUX)=.*/\1=\"$GRUB_CMDLINE\"/" \
- /target/etc/default/grub
- /bin/in-target /usr/sbin/update-grub
-
- if /bin/in-target /bin/sh -c "dpkg-query -s postfix >/dev/null 2>&1"; then
- progress "Running postfix-nochroot"
- echo 'SYNC_CHROOT=n' >> /target/etc/default/postfix
- /bin/in-target /usr/sbin/postfix-nochroot
- fi
- # TODO: in a crontab: check-selinux-installation
-fi
-
-
-#######################################################################
# Remove unnecessary packages
# TODO: check for dummy packages / RCs in a weekly crontab.