diff --git a/install.sh b/install.sh index 485462b..cfa3c08 100644 --- a/install.sh +++ b/install.sh @@ -45,6 +45,7 @@ IPV4_ADDRESS="" ADMIN_PASSWORD="" INSTALL_DIR="/etc/pihole" PIHOLE_SKIP_OS_CHECK=false +HANDLE_SELINUX=true # Parse arguments while [ $# -gt 0 ]; do @@ -57,6 +58,7 @@ while [ $# -gt 0 ]; do --dns1) PIHOLE_DNS_1="$2"; shift 2 ;; --dns2) PIHOLE_DNS_2="$2"; shift 2 ;; --skip-os-check) PIHOLE_SKIP_OS_CHECK=true; shift ;; + --no-selinux) HANDLE_SELINUX=false; shift ;; --help|-h) echo "Pi-hole Baremetal Installer" echo "" @@ -71,6 +73,7 @@ while [ $# -gt 0 ]; do echo " --dns1 Upstream DNS 1 (default: 1.1.1.1)" echo " --dns2 Upstream DNS 2 (default: 1.0.0.1)" echo " --skip-os-check Skip OS compatibility check" + echo " --no-selinux Don't modify SELinux (may cause issues)" exit 0 ;; *) shift ;; @@ -160,6 +163,70 @@ wait_for_zypper_lock() { done } +# Handle SELinux on RHEL-based systems +handle_selinux() { + if [ "$HANDLE_SELINUX" != true ]; then + return 0 + fi + + # Check if SELinux is available + if ! command -v getenforce >/dev/null 2>&1; then + return 0 + fi + + local selinux_status=$(getenforce 2>/dev/null) + + if [ "$selinux_status" = "Enforcing" ]; then + log "SELinux is enforcing - configuring for Pi-hole..." + + # Set SELinux to permissive mode for installation + # Pi-hole doesn't provide SELinux policies, so we need to either: + # 1. Set to permissive + # 2. Set PIHOLE_SELINUX=true to skip the check + + if [ "$UNATTENDED" = true ]; then + # In unattended mode, set to permissive + warn "Setting SELinux to permissive mode for Pi-hole installation" + setenforce 0 2>/dev/null || true + + # Make it persistent + if [ -f /etc/selinux/config ]; then + sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config 2>/dev/null || true + fi + + success "SELinux set to permissive" + else + echo "" + echo "========================================" + echo " SELinux Configuration Required" + echo "========================================" + echo "" + echo "SELinux is currently enforcing. Pi-hole does not provide" + echo "SELinux policies and requires one of these options:" + echo "" + echo "1. Set SELinux to permissive mode (recommended for home use)" + echo "2. Keep enforcing and acknowledge potential issues" + echo "" + read -p "Set SELinux to permissive? [Y/n] " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Nn]$ ]]; then + setenforce 0 2>/dev/null || true + if [ -f /etc/selinux/config ]; then + sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config 2>/dev/null || true + fi + success "SELinux set to permissive" + else + warn "Keeping SELinux enforcing - setting PIHOLE_SELINUX=true" + export PIHOLE_SELINUX=true + fi + fi + elif [ "$selinux_status" = "Permissive" ]; then + log "SELinux is permissive - OK" + else + log "SELinux is disabled - OK" + fi +} + # Install prerequisites install_prerequisites() { log "Installing prerequisites..." @@ -599,6 +666,7 @@ main() { echo "" detect_os + handle_selinux install_prerequisites detect_interface detect_ip