diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/fripost-postinst-udeb/debian/templates | 8 | ||||
-rwxr-xr-x | src/fripost-postinst-udeb/finish-install.d/07fripost | 37 |
2 files changed, 0 insertions, 45 deletions
diff --git a/src/fripost-postinst-udeb/debian/templates b/src/fripost-postinst-udeb/debian/templates index 1be33c0..9adf898 100644 --- a/src/fripost-postinst-udeb/debian/templates +++ b/src/fripost-postinst-udeb/debian/templates @@ -17,14 +17,6 @@ Default: false Description: Use the same key for dropbear and OpenSSH? If False, generate a dedicated key for dropbear. -Template: fripost/activate-selinux -Type: boolean -Default: false -Description: Install and activate (in enforcing mode) SELinux? - Note that activating SELinux requires a dummy reboot to label all - files. So if you have full-disk encryption, you'll have to send the - password twice to dropbear. - Template: fripost/keep-media-directory Type: boolean Default: false diff --git a/src/fripost-postinst-udeb/finish-install.d/07fripost b/src/fripost-postinst-udeb/finish-install.d/07fripost index d4e05bb..e583d5a 100755 --- a/src/fripost-postinst-udeb/finish-install.d/07fripost +++ b/src/fripost-postinst-udeb/finish-install.d/07fripost @@ -133,43 +133,6 @@ cp /var/lib/fripost/sshd_config /target/etc/ssh/sshd_config ####################################################################### -# Install and activate SELinux -# TODO: would be better to have our own policy instead of amending the -# default one. - -db_get fripost/activate-selinux -if [ "$RET" = true ]; then - progress "Installing SELinux" - # Recommended packages include graphical tools... - /bin/in-target /usr/bin/debconf-apt-progress --no-progress -- \ - apt-get -y install --no-install-recommends \ - selinux-basics selinux-policy-default selinux-policy-dev auditd - progress "Activating SELinux" - /bin/in-target /usr/sbin/selinux-activate - - sed -ri 's/^#?\s*(FSCKFIX)=(yes|no)\s*(\s#.*)?$/\1=yes/' \ - /target/etc/default/rcS - - progress "Running update-grub" - grep -q '^GRUB_CMDLINE_LINUX=' /target/etc/default/grub \ - || fatal "Missing definition of 'GRUB_CMDLINE_LINUX' in /etc/default/grub" - GRUB_CMDLINE="console=tty0 security=selinux enforcing=1" - # ^ TODO: we should leave (non SELinux-related) existing - # configuration options - sed -ri "s/^(GRUB_CMDLINE_LINUX)=.*/\1=\"$GRUB_CMDLINE\"/" \ - /target/etc/default/grub - /bin/in-target /usr/sbin/update-grub - - if /bin/in-target /bin/sh -c "dpkg-query -s postfix >/dev/null 2>&1"; then - progress "Running postfix-nochroot" - echo 'SYNC_CHROOT=n' >> /target/etc/default/postfix - /bin/in-target /usr/sbin/postfix-nochroot - fi - # TODO: in a crontab: check-selinux-installation -fi - - -####################################################################### # Remove unnecessary packages # TODO: check for dummy packages / RCs in a weekly crontab. |