From 7b8f77e399e12ebf16a9cf38db7f0af6521e7c72 Mon Sep 17 00:00:00 2001
From: Tommy
Date: Tue, 12 Nov 2024 05:52:05 -0700
Subject: [PATCH] Enable SELinux on Fedora minimal
---
 fedora-minimal/README.md | 10 ++++++++++
 fedora-minimal/fedora-minimal.sh | 4 ++++
 2 files changed, 14 insertions(+)
 create mode 100644 fedora-minimal/README.md
diff --git a/fedora-minimal/README.md b/fedora-minimal/README.md
new file mode 100644
index 0000000..3f3e642
--- /dev/null
+++ b/fedora-minimal/README.md
@@ -0,0 +1,10 @@
+# Enable SELinux
+
+To enable SELinux, do the following after you have run fedora-minimal.sh:
+- Shutdown the VM
+- Run `qvm-features fedora-40-minimal selinux 1`.
+- Start the minimal vm. Wait for it to shut itself down.
+- Run `qvm-features fedora-40-minimal selinux 0`.
+- Turn the VM on, remove `/.autorelabel`.
+- Turn the VM off.
+- Run `qvm-features fedora-40-minimal selinux 1`.
\ No newline at end of file
diff --git a/fedora-minimal/fedora-minimal.sh b/fedora-minimal/fedora-minimal.sh
index cb99555..09e0b70 100644
--- a/fedora-minimal/fedora-minimal.sh
+++ b/fedora-minimal/fedora-minimal.sh
@@ -64,3 +64,7 @@ sudo https_proxy=https://127.0.0.1:8082 dnf copr enable secureblue/hardened_mall
 sudo dnf install -y hardened_malloc
 echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
 sudo chmod 644 /etc/ld.so.preload
+
+# Prepare for SELinux
+sudo touch /.autorelabel
+sudo sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/sysconfig/selinux
\ No newline at end of file
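Review bot: The added `sed -i` on `/etc/sysconfig/selinux` can finish without SELinux being set to enforcing, and nothing in the hunk checks the result. The pattern only rewrites a line that currently reads `SELINUX=permissive`, so a template shipping `SELINUX=disabled` is left as is. Where `/etc/sysconfig/selinux` is a symlink to `/etc/selinux/config` (the usual Fedora layout, worth confirming in the minimal template), GNU `sed -i` without `--follow-symlinks` replaces the link with a regular file and leaves the real config untouched. I would write `sudo sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=enforcing/' /etc/sysconfig/selinux` and follow it with `grep -q '^SELINUX=enforcing$' /etc/sysconfig/selinux || exit 1` so a silent miss fails the script. The script starts before this hunk, so whether `set -e` is active is not visible here.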