Add SELinux to Docker

RedHatOfficial · Sep 21, 2018 · 7e653ce · 7e653ce
1 parent 5d2c46a
commit 7e653ce
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,4 @@
-"[DRAFT] PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7"
-=========
+# PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7
 
 [![Build Status](https://travis-ci.org/RedHatOfficial/ansible-rhel7-pci-dss-role.svg?branch=master)](https://travis-ci.org/RedHatOfficial/ansible-rhel7-pci-dss-role)
 [![Ansible Role](https://img.shields.io/ansible/role/26067.svg)](https://galaxy.ansible.com/RedHatOfficial/rhel7-pci-dss-role)
@@ -24,31 +23,27 @@ How to apply this remediation role:
 $ ansible-playbook -i "192.168.1.155," playbook.yml  
 $ ansible-playbook -i inventory.ini playbook.yml
 
-Requirements
-------------
+# Requirements
 
 - Ansible version 2.3 or higher
 
 Role Variables
---------------
 
 To customize the role to your liking, check out the [list of variables](vars/main.yml).
 
-Dependencies
-------------
+# Dependencies
 
 N/A
 
-Example Playbook
-----------------
+# Example Playbook
 
-Run `ansible-galaxy install Ansible-Security-Compliance.rhel7-role-pci-dss` to
+Run `ansible-galaxy install RedHatOfficial.rhel7-role-pci-dss` to
 download and install the role. Then you can use the following playbook snippet.
 
 
     - hosts: all
       roles:
-         - { role: Ansible-Security-Compliance.rhel7-role-pci-dss }
+         - { role: RedHatOfficial.rhel7-role-pci-dss }
 
 
 Then first check the playbook using (on the localhost):
@@ -60,12 +55,10 @@ To deploy it, use (this may change configuration of your local machine!):
     ansible-playbook -i "localhost," -c local playbook.yml
 
 
-License
--------
+# License
 
 BSD-3-Clause
 
-Author Information
-------------------
+# Author Information
 
 This Ansible remediation role has been generated from the body of security policies developed by the SCAP Security Guide project. Please see https://github.com/OpenSCAP/scap-security-guide/blob/master/Contributors.md for an updated list of authors and contributors.
diff --git a/molecule/docker/Dockerfile.centos7 b/molecule/docker/Dockerfile.centos7
@@ -11,13 +11,13 @@ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
 rm -f /lib/systemd/system/basic.target.wants/*; \
 rm -f /lib/systemd/system/anaconda.target.wants/*;
 
-RUN yum -y install openssh-server audit authconfig initscripts git sudo cronie firewalld; \
+RUN yum -y install openssh-server audit authconfig initscripts git sudo selinux-policy-targeted cronie firewalld; \
     yum -y update; \
     yum clean all
 
 # Fix for Travis docker containers
 RUN ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
-RUN mkdir /var/log/audit; chmod 700 /var/log/audit;
+RUN sed -i "s/disabled/permissive/g" -i /etc/selinux/config
 
 VOLUME ["/sys/fs/cgroup", "/var/log/audit"]