diff --git a/Earthfile b/Earthfile index 913f5e8..0b670bf 100644 --- a/Earthfile +++ b/Earthfile @@ -30,6 +30,7 @@ ARG K8S_DISTRIBUTION ARG CUSTOM_TAG ARG CLUSTERCONFIG ARG ARCH +ARG DISABLE_SELINUX=true ARG FIPS_ENABLED=false ARG HTTP_PROXY @@ -355,9 +356,11 @@ base-image: chmod 444 /etc/machine-id RUN rm /tmp/* -rf + IF [ "$DISABLE_SELINUX" = "true" ] # Ensure SElinux gets disabled - RUN if grep "security=selinux" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/security=selinux //g' /etc/cos/bootargs.cfg; fi &&\ - if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi + RUN if grep "security=selinux" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/security=selinux //g' /etc/cos/bootargs.cfg; fi &&\ + if grep "selinux=1" /etc/cos/bootargs.cfg > /dev/null; then sed -i 's/selinux=1/selinux=0/g' /etc/cos/bootargs.cfg; fi + END # Used to build the installer image. The installer ISO will be created from this. iso-image: diff --git a/README.md b/README.md index 8c2edaf..e8b6b5d 100644 --- a/README.md +++ b/README.md @@ -132,6 +132,7 @@ Skip this step if your base image is ubuntu or opensuse-leap. If you are buildin | NO_PROXY | URLS that should be excluded from proxying (Optional) | string | | | PROXY_CERT_PATH | Absolute path of the SSL Proxy certificate in PEM format if needed (Optional) | string | | | UPDATE_KERNEL | Determines whether to upgrade the Kernel version to the latest from the upstream OS provider | boolean| `false` | +| DISABLE_SELINUX | Disable selinux in the operating system. Some applications (like Kubevirt) do not like selinux | boolean| `true` | | CLUSTERCONFIG | Path of the cluster config | string | | 8. (Optional) If you are building the images behind a proxy server, you may need to modify your docker daemon settings to let it use your proxy server. You can refer this [tutorial](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy).