From f5c44df92922d74cfff40989d6617e3a9e4c5904 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 17 Jul 2024 18:56:02 +0200
Subject: [PATCH] mkosi: Remove enforcing=0 from default kernel command line

We already have selinux=0 in the default kernel command line so
enforcing=0 is redundant. Instead, pass in enforcing=0 when we
enable selinux in TEST-06-SELINUX.
---
 mkosi.conf                       | 1 -
 test/TEST-06-SELINUX/meson.build | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/mkosi.conf b/mkosi.conf
index b1ac8950af6..56a89e8c228 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -68,7 +68,6 @@ KernelCommandLine=systemd.crash_shell
                   systemd.default_device_timeout_sec=30
                   # Make sure no LSMs are enabled by default.
                   selinux=0
-                  enforcing=0
                   systemd.early_core_pattern=/core
                   systemd.firstboot=no
                   raid=noautodetect
diff --git a/test/TEST-06-SELINUX/meson.build b/test/TEST-06-SELINUX/meson.build
index ea1a381471b..fd670ae40da 100644
--- a/test/TEST-06-SELINUX/meson.build
+++ b/test/TEST-06-SELINUX/meson.build
@@ -3,7 +3,7 @@
 integration_tests += [
         integration_test_template + {
                 'name' : fs.name(meson.current_source_dir()),
-                'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'lsm=selinux'],
+                'cmdline' : integration_test_template['cmdline'] + ['selinux=1', 'enforcing=0', 'lsm=selinux'],
                 # FIXME; Figure out why reboot sometimes hangs with 'linux' firmware.
                 # Use 'auto' to automatically fallback on non-uefi architectures.
                 'firmware' : 'auto',
-- 
2.47.3