From 196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Wed, 5 Sep 2018 12:50:53 +0200
Subject: dashboard/config: re-enable selinux

Upstream "selinux: fix mounting of cgroup2 under older policies"
commit fixes mounting of cgroup2 under wheezy selinux policy.
So don't disable selinux on start.
Create separate cmdline arguments that enable selinux and apparmor.
---
 tools/create-gce-image.sh | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'tools/create-gce-image.sh')

diff --git a/tools/create-gce-image.sh b/tools/create-gce-image.sh
index 177c208ee..0db7fc065 100755
--- a/tools/create-gce-image.sh
+++ b/tools/create-gce-image.sh
@@ -108,9 +108,6 @@ for i in {0..31}; do
 	echo "KERNEL==\"binder$i\", NAME=\"binder$i\", MODE=\"0666\"" | \
 		sudo tee -a disk.mnt/etc/udev/50-binder.rules
 done
-# We disable selinux for now because the default policy on wheezy prevents
-# mounting of cgroup2 (and stretch we don't know how to configure yet).
-echo 'SELINUX=disabled' | sudo tee disk.mnt/etc/selinux/config
 
 # sysctls
 echo "kernel.printk = 7 4 1 3" | sudo tee -a disk.mnt/etc/sysctl.conf
-- 
cgit mrf-deployment