author | Nicolas Iooss <nicolas.iooss@m4x.org> | 2019-12-22 18:12:34 +0100 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-02-15 15:22:28 +0800 |
commit | c8ca10835069f52c97e52aa404b5a575e75a450f (patch) | |
tree | ed3f71eaebbd8f443c7fa2b1349ef56d617a8458 /Vagrantfile | |
parent | Vagrantfile: fix configuration (diff) | |
Vagrantfile: remove sudo
The provisioning scripts are already run as root.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'Vagrantfile')
-rw-r--r-- | Vagrantfile | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/Vagrantfile b/Vagrantfile
index 00313ee6..2b7d9948 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -15,43 +15,43 @@ $install_refpolicy = <<-SHELL
 sudo -su vagrant make -C /vagrant conf
 sudo -su vagrant make -C /vagrant all
 sudo -su vagrant make -C /vagrant validate
- sudo -s make -C /vagrant install
- sudo -s make -C /vagrant install-headers
- sudo -s semodule -s refpolicy -i /usr/share/selinux/refpolicy/*.pp
+ make -C /vagrant install
+ make -C /vagrant install-headers
+ semodule -s refpolicy -i /usr/share/selinux/refpolicy/*.pp
 if ! (LANG=C sestatus -v | grep '^Loaded policy name:\s*refpolicy$' > /dev/null)
 then
 # Use the reference policy
 sed -i -e 's/^\\(SELINUXTYPE=\\).*/SELINUXTYPE=refpolicy/' /etc/selinux/config
 fi
- sudo -s semodule --reload
+ semodule --reload
 # allow every domain to use /dev/urandom
- sudo -s semanage boolean --modify --on global_ssp
+ semanage boolean --modify --on global_ssp
 # allow systemd-tmpfiles to manage every file
- sudo -s semanage boolean --modify --on systemd_tmpfiles_manage_all
+ semanage boolean --modify --on systemd_tmpfiles_manage_all
 # make vagrant user use unconfined_u context
- if ! (sudo -s semanage login -l | grep '^vagrant' > /dev/null)
+ if ! (semanage login -l | grep '^vagrant' > /dev/null)
 then
 echo "Configuring SELinux context for vagrant user"
- sudo -s semanage login -a -s unconfined_u vagrant
+ semanage login -a -s unconfined_u vagrant
 fi
 # label /vagrant as vagrant's home files
- if sudo -s semanage fcontext --list | grep '^/vagrant(/\.\*)?'
+ if semanage fcontext --list | grep '^/vagrant(/\.\*)?'
 then
- sudo -s semanage fcontext -m -s unconfined_u -t user_home_t '/vagrant(/.*)?'
+ semanage fcontext -m -s unconfined_u -t user_home_t '/vagrant(/.*)?'
 else
- sudo -s semanage fcontext -a -s unconfined_u -t user_home_t '/vagrant(/.*)?'
+ semanage fcontext -a -s unconfined_u -t user_home_t '/vagrant(/.*)?'
 fi
 # Update interface_info
- sudo -s sepolgen-ifgen -o /var/lib/sepolgen/interface_info -i /usr/share/selinux/refpolicy
+ sepolgen-ifgen -o /var/lib/sepolgen/interface_info -i /usr/share/selinux/refpolicy
 echo "Relabelling the system..."
- sudo -s restorecon -RF /
+ restorecon -RF /
 echo "If this is a fresh install, you need to reboot in order to enable enforcing mode"
 SHELL |
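Review bot: The `grep '^/vagrant(/\.\*)?'` on the rewritten `semanage fcontext --list` line sits inside the unquoted Ruby heredoc shown in the hunk header (`$install_refpolicy = <<-SHELL`), so Ruby consumes the single backslashes and grep actually receives `^/vagrant(/.*)?`, where `.*` is a wildcard rather than the literal text of the rule. The context `sed` line doubles its backslashes for exactly this reason. With the looser pattern any entry starting with `/vagrant(` selects the `-m` branch, and `semanage fcontext -m` would presumably fail if the exact `/vagrant(/.*)?` rule is absent, leaving `/vagrant` without the intended label before `restorecon -RF /` runs. Since the line is being touched anyway, consider `if semanage fcontext --list | grep -q '^/vagrant(/\\.\\*)?'`, which also keeps the matched line out of the provisioning output like the other two greps do.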