From 7c9acf4806f320084f5152f005a27d1660572016 Mon Sep 17 00:00:00 2001 From: Steven Dake Date: Tue, 31 Mar 2015 22:15:24 -0700 Subject: [PATCH] Check for SELinux in enforcing mode and exit if found Previously the start script would disable SELinux That is a policy choice by the administrator, not something that should be done in a development tool. Instead suggest setting SELinux to permissive mode manually. Change-Id: I342a1614f9c10ec066cd2a8dc79280481e0b7570 --- tools/start | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tools/start b/tools/start index ade9bf13fc..7e88ae5d0e 100755 --- a/tools/start +++ b/tools/start @@ -15,8 +15,15 @@ fi REAL_PATH=$(python -c "import os,sys;print os.path.realpath('$0')") cd "$(dirname "$REAL_PATH")/.." -# Set SELinux to permissive -setenforce permissive +# Check for SELinux in Enforcing mode and exit if found +if [[ -x /usr/sbin/getenforce ]]; then + if [[ $(/usr/sbin/getenforce) == "Enforcing" ]]; then + echo "You must execute this script without SELinux enforcing mode." + echo "Turn off SELinux enforcing mode by running:" + echo "$ sudo setenforce permissive" + exit 1 + fi +fi # This directory is shared with the host to allow qemu instance # configs to remain accross restarts. This is needed in the event libvirt