Enable SELinux on Fedora minimal

2024-11-21 09:21:34 -05:00 · 2024-11-12 05:52:05 -07:00 · 2024-11-12 05:52:05 -07:00 · 7b8f77e399
commit 7b8f77e399
parent 857fbd5f14
2 changed files with 14 additions and 0 deletions
--- a/fedora-minimal/README.md
+++ b/fedora-minimal/README.md
@ -0,0 +1,10 @@
+# Enable SELinux
+
+To enable SELinux, do the following after you have run fedora-minimal.sh:
+- Shutdown the VM
+- Run `qvm-features fedora-40-minimal selinux 1`.
+- Start the minimal vm. Wait for it to shut itself down.
+- Run `qvm-features fedora-40-minimal selinux 0`.
+- Turn the VM on, remove `/.autorelabel`.
+- Turn the VM off.
+- Run `qvm-features fedora-40-minimal selinux 1`.
--- a/fedora-minimal/fedora-minimal.sh
+++ b/fedora-minimal/fedora-minimal.sh
@ -64,3 +64,7 @@ sudo https_proxy=https://127.0.0.1:8082 dnf copr enable secureblue/hardened_mall
 sudo dnf install -y hardened_malloc
 echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
 sudo chmod 644 /etc/ld.so.preload
+
+# Prepare for SELinux
+sudo touch /.autorelabel
+sudo sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/sysconfig/selinux