Adding configuration to disable SElinux.

Indeed if the derived containers are booted with selinux already installed systemd does not work because of different selinux policies on the same file in the container and the host system: ``` [root@ctafrontend ~]# systemctl Failed to get D-Bus connection: Operation not permitted ``` Anyway even if selinux is installed later it is not enabled in the running container...

Adding configuration to disable SElinux.
76585ad4 · root · Julien Leduc · 7855a236 · 76585ad4 · 76585ad4
Commit 76585ad4 authored 7 years ago by root Committed by Julien Leduc 7 years ago
--- a/continuousintegration/docker/ctafrontend/cc7/ci_runner/Dockerfile
+++ b/continuousintegration/docker/ctafrontend/cc7/ci_runner/Dockerfile
@@ -101,6 +101,10 @@ ADD ${BASEDIR}/rc.local /etc/rc.d
 # Make sure it can be executed by root
 RUN chmod 744 /etc/rc.local

+# disable selinux so that systemd works if the container is booted
+# with an image that already contains selinux
+ADD ${BASEDIR}/etc_selinux_config /etc/selinux/config
+
 # One more thing so that we can use systemd
 VOLUME [ "/sys/fs/cgroup" ]


--- a/continuousintegration/docker/ctafrontend/cc7/etc_selinux_config
+++ b/continuousintegration/docker/ctafrontend/cc7/etc_selinux_config
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=disabled
+# SELINUXTYPE= can take one of three two values:
+#     targeted - Targeted processes are protected,
+#     minimum - Modification of targeted policy. Only selected processes are protected. 
+#     mls - Multi Level Security protection.
+SELINUXTYPE=targeted