From 9d3bae766e956c816a6656faf7cb91d3b5ead5e7 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Thu, 20 Sep 2018 14:04:24 +0200
Subject: [PATCH] Revert "prepare-root.sh: don't switch selinux enforcing mode"

This reverts commit 522a302ef417c3443300b377fcd1e0727fdf8043.
---
 prepare-root.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/prepare-root.sh b/prepare-root.sh
index 77290c6..34227ab 100755
--- a/prepare-root.sh
+++ b/prepare-root.sh
@@ -120,6 +120,7 @@ VERSION_ID="${RELEASEVER}.$(date -u +'%Y%m%d%H%M%S')"
 OUTDIR=${OUTDIR:-"${CURDIR}/${NAME}-${VERSION_ID}"}
 GPGKEY=${GPGKEY:-${NAME}.gpg}
 REPOSD=${REPOSD:-/etc/yum.repos.d}
+readonly OLD_SELINUX=$(getenforce)
 
 [[ $TMPDIR ]] || TMPDIR=/var/tmp
 readonly TMPDIR="$(realpath -e "$TMPDIR")"
@@ -142,12 +143,15 @@ trap '
        [[ -d "$i" ]] && mountpoint -q "$i" && umount "$i"
     done
     [[ $MY_TMPDIR ]] && rm -rf --one-file-system -- "$MY_TMPDIR"
+    setenforce $OLD_SELINUX
     exit $ret;
     ' EXIT
 
 # clean up after ourselves no matter how we die.
 trap 'exit 1;' SIGINT
 
+setenforce 0
+
 if ! [[ -f "${BASEDIR}"/linuxx64.efi.stub ]]; then
     cp /lib/systemd/boot/efi/linuxx64.efi.stub "${BASEDIR}"/linuxx64.efi.stub
 fi
@@ -597,4 +601,5 @@ cat > "${OUTDIR%/*}/${NAME}-latest.json" <<EOF
 EOF
 
 chown "$USER" "${OUTDIR%/*}/${NAME}-latest.json"
+setenforce $OLD_SELINUX