From 238c3aff05f6d301b16ce65c61b888ae3c86dac9 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Thu, 5 Dec 2024 21:02:28 -0600
Subject: [PATCH] build-rootfs: Disable SELinux for now

Until we have a working CI pipeline that can appropriately manage the SELinux policy in the target environment, anyway.
---
 build-rootfs.sh | 3 +++
 install.packages | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/build-rootfs.sh b/build-rootfs.sh
index f232b2c..7ea5a23 100755
--- a/build-rootfs.sh
+++ b/build-rootfs.sh
@@ -96,6 +96,7 @@ if ! grep -q Include /mnt/gentoo/etc/ssh/sshd_config; then
 >> /mnt/gentoo/etc/ssh/sshd_config
 fi
+case ${profile} in *selinux*)
 # Although `semanage` accepts a `--store` argument that supposedly
 # instructs it to operate on an alternate SELinux policy store, it
 # doesn't actually work. As such, we have to run `semanage` in an
@@ -117,5 +118,7 @@ setfiles \
 -e /mnt/gentoo/etc/portage \
 /mnt/gentoo/etc/selinux/mcs/contexts/files/file_contexts \
 /mnt/gentoo
+;;
+esac
 touch /mnt/gentoo/usr
diff --git a/install.packages b/install.packages
index 19d1144..472ccfe 100644
--- a/install.packages
+++ b/install.packages
@@ -1,6 +1,5 @@
 net-misc/openssh
 net-misc/wget
-sec-policy/selinux-aimee-os
 sys-apps/busybox
 sys-apps/systemd
 sys-fs/btrfs-progs
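Review bot: In build-rootfs.sh, the new `case ${profile} in *selinux*)` has no default arm, so for any other profile the `semanage`/`setfiles` step is skipped with nothing in the build output to say the image was left unlabelled. Adding `*) echo "build-rootfs: SELinux labelling skipped for profile ${profile}" >&2 ;;` before `esac` would make that state visible to whoever consumes the image. The arm's body sits between this hunk and the next one and is left at column 0; indenting it would make the scope of the `case` easier to see. Where `profile` is set is outside the hunk, so it is worth confirming it can never be empty here.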
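Review bot: In the second build-rootfs.sh hunk, the arm closed by `;;`/`esac` stays reachable for a `*selinux*` profile, yet the same patch drops `sec-policy/selinux-aimee-os` from install.packages for every profile. If that package provided policy that the `semanage` and `setfiles` calls depend on (not visible in these hunks), a SELinux build would now label the tree against an incomplete store. A comment above the `case`, for example `# NOTE: sec-policy/selinux-aimee-os is no longer installed; restore it in install.packages before building a *selinux* profile`, would record the dependency.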