Fix: Handle SELinux on RHEL-based systems
- Add handle_selinux() function to detect and configure SELinux - In unattended mode, automatically set SELinux to permissive - In interactive mode, prompt user for SELinux configuration - Add --no-selinux option to skip SELinux handling - Export PIHOLE_SELINUX=true if user wants to keep enforcing mode
68
install.sh
68
install.sh
@@ -45,6 +45,7 @@ IPV4_ADDRESS=""
|
||||
ADMIN_PASSWORD=""
|
||||
INSTALL_DIR="/etc/pihole"
|
||||
PIHOLE_SKIP_OS_CHECK=false
|
||||
HANDLE_SELINUX=true
|
||||
|
||||
# Parse arguments
|
||||
while [ $# -gt 0 ]; do
|
||||
@@ -57,6 +58,7 @@ while [ $# -gt 0 ]; do
|
||||
--dns1) PIHOLE_DNS_1="$2"; shift 2 ;;
|
||||
--dns2) PIHOLE_DNS_2="$2"; shift 2 ;;
|
||||
--skip-os-check) PIHOLE_SKIP_OS_CHECK=true; shift ;;
|
||||
--no-selinux) HANDLE_SELINUX=false; shift ;;
|
||||
--help|-h)
|
||||
echo "Pi-hole Baremetal Installer"
|
||||
echo ""
|
||||
@@ -71,6 +73,7 @@ while [ $# -gt 0 ]; do
|
||||
echo " --dns1 <ip> Upstream DNS 1 (default: 1.1.1.1)"
|
||||
echo " --dns2 <ip> Upstream DNS 2 (default: 1.0.0.1)"
|
||||
echo " --skip-os-check Skip OS compatibility check"
|
||||
echo " --no-selinux Don't modify SELinux (may cause issues)"
|
||||
exit 0
|
||||
;;
|
||||
*) shift ;;
|
||||
@@ -160,6 +163,70 @@ wait_for_zypper_lock() {
|
||||
done
|
||||
}
|
||||
|
||||
# Handle SELinux on RHEL-based systems
|
||||
handle_selinux() {
|
||||
if [ "$HANDLE_SELINUX" != true ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
# Check if SELinux is available
|
||||
if ! command -v getenforce >/dev/null 2>&1; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
local selinux_status=$(getenforce 2>/dev/null)
|
||||
|
||||
if [ "$selinux_status" = "Enforcing" ]; then
|
||||
log "SELinux is enforcing - configuring for Pi-hole..."
|
||||
|
||||
# Set SELinux to permissive mode for installation
|
||||
# Pi-hole doesn't provide SELinux policies, so we need to either:
|
||||
# 1. Set to permissive
|
||||
# 2. Set PIHOLE_SELINUX=true to skip the check
|
||||
|
||||
if [ "$UNATTENDED" = true ]; then
|
||||
# In unattended mode, set to permissive
|
||||
warn "Setting SELinux to permissive mode for Pi-hole installation"
|
||||
setenforce 0 2>/dev/null || true
|
||||
|
||||
# Make it persistent
|
||||
if [ -f /etc/selinux/config ]; then
|
||||
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config 2>/dev/null || true
|
||||
fi
|
||||
|
||||
success "SELinux set to permissive"
|
||||
else
|
||||
echo ""
|
||||
echo "========================================"
|
||||
echo " SELinux Configuration Required"
|
||||
echo "========================================"
|
||||
echo ""
|
||||
echo "SELinux is currently enforcing. Pi-hole does not provide"
|
||||
echo "SELinux policies and requires one of these options:"
|
||||
echo ""
|
||||
echo "1. Set SELinux to permissive mode (recommended for home use)"
|
||||
echo "2. Keep enforcing and acknowledge potential issues"
|
||||
echo ""
|
||||
read -p "Set SELinux to permissive? [Y/n] " -n 1 -r
|
||||
echo
|
||||
if [[ ! $REPLY =~ ^[Nn]$ ]]; then
|
||||
setenforce 0 2>/dev/null || true
|
||||
if [ -f /etc/selinux/config ]; then
|
||||
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config 2>/dev/null || true
|
||||
fi
|
||||
success "SELinux set to permissive"
|
||||
else
|
||||
warn "Keeping SELinux enforcing - setting PIHOLE_SELINUX=true"
|
||||
export PIHOLE_SELINUX=true
|
||||
fi
|
||||
fi
|
||||
elif [ "$selinux_status" = "Permissive" ]; then
|
||||
log "SELinux is permissive - OK"
|
||||
else
|
||||
log "SELinux is disabled - OK"
|
||||
fi
|
||||
}
|
||||
|
||||
# Install prerequisites
|
||||
install_prerequisites() {
|
||||
log "Installing prerequisites..."
|
||||
@@ -599,6 +666,7 @@ main() {
|
||||
echo ""
|
||||
|
||||
detect_os
|
||||
handle_selinux
|
||||
install_prerequisites
|
||||
detect_interface
|
||||
detect_ip
|
||||
|
||||
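Review bot: In handle_selinux the unattended branch switches the whole host from enforcing to permissive, and the `sed -i` on /etc/selinux/config makes that persist across reboots, so a default unattended install drops SELinux enforcement for every service on the machine, not only Pi-hole. The comment in the same function names `PIHOLE_SELINUX=true` as the alternative, so unattended runs could do `export PIHOLE_SELINUX=true` and leave the mode alone unless the operator explicitly asks for permissive; the interactive prompt has the same effect on a bare Enter because it defaults to Y. Both branches also print `success "SELinux set to permissive"` even when `setenforce 0` or the `sed` failed, since the errors are discarded with `2>/dev/null || true`; re-reading `getenforce` afterwards and calling `warn` on a mismatch would keep the log truthful. The final `else` logs "SELinux is disabled - OK" for any other value, including an empty string from a failed `getenforce`.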