Hello,

While using livecd-creator and poking around the code, I found a check that I don't understand the reason for. livecd-creator will bail out if the host has SELinux disabled and the kickstart file requests it be enabled. Why is that? I would think that if SELinux was disabled but you still had the policy available, that would be all you need to build a properly labeled image.

Out of curiosity I made changes to the code just to see what would happen. I attached them to this mail for reference, NOT as proposed changes to be applied to the livecd-tools code. On an F10 system with SELinux disabled I was able to build a working livecd image that I could boot and play around in. SELinux was being enforced in the image too. I was able to do this with a RHEL 5 kernel as well, just to see if maybe something had changed with an earlier version of SELinux. Perhaps the failure condition is no longer necessary?

Thanks in advance,
- Jay
>From d45ea3131f4c4d93b285a1903578526f5bf99913 Mon Sep 17 00:00:00 2001 From: Jay Greguske <jgreg...@zyzyx.usersys.redhat.com> Date: Fri, 11 Sep 2009 16:23:55 -0400 Subject: [PATCH] Dirty removal of selinux failure condition --- imgcreate/creator.py | 6 +++--- imgcreate/kickstart.py | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/imgcreate/creator.py b/imgcreate/creator.py index 909f616..3c6440d 100644 --- a/imgcreate/creator.py +++ b/imgcreate/creator.py @@ -399,9 +399,9 @@ class ImageCreator(object): if not kickstart.get_repos(self.ks): raise CreatorError("No repositories specified") - if (kickstart.selinux_enabled(self.ks) and - not os.path.exists("/selinux/enforce")): - raise CreatorError("SELinux requested but not enabled on host") +# if (kickstart.selinux_enabled(self.ks) and +# not os.path.exists("/selinux/enforce")): +# raise CreatorError("SELinux requested but not enabled on host") def __write_fstab(self): fstab = open(self._instroot + "/etc/fstab", "w") diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py index 98db856..39e44e6 100644 --- a/imgcreate/kickstart.py +++ b/imgcreate/kickstart.py @@ -417,7 +417,8 @@ class SelinuxConfig(KickstartConfig): if not os.path.exists(self.path("/sbin/restorecon")): return - self.call(["/sbin/restorecon", "-l", "-r", "-F", "-e", "/proc", "-e", "/sys", "-e", "/dev", "-e", "/selinux", "/"]) + # self.call(["/sbin/restorecon", "-l", "-r", "-F", "-e", "/proc", "-e", "/sys", "-e", "/dev", "-e", "/selinux", "/"]) + self.call(["/sbin/setfiles", "/etc/selinux/targeted/contexts/files/file_contexts", "/"]) def apply(self, ksselinux): if os.path.exists(self.path("/usr/sbin/lokkit")): -- 1.6.0.6
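Review bot: In the imgcreate/creator.py hunk (@@ -399,9 +399,9 @@), the host check is commented out at column 0 rather than removed, which leaves dead code in the method and means a build on a host without /selinux/enforce now proceeds with no signal at all. If the check really is unnecessary, delete the three lines outright; if the outcome still depends on the host, keep the condition and turn the raise CreatorError("SELinux requested but not enabled on host") into a logged warning so a mislabeled image can be traced back to the build host's state.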
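Review bot: In the imgcreate/kickstart.py hunk (@@ -417,7 +417,8 @@), the guard above the call still tests for self.path("/sbin/restorecon") while the command that now runs is /sbin/setfiles, so the existence check no longer covers the binary being executed and should test for /sbin/setfiles instead. The new call also hard-codes /etc/selinux/targeted/contexts/files/file_contexts, which labels the image with the targeted policy's contexts whatever policy type the image is configured for, and it drops the "-e" excludes for /proc, /sys, /dev and /selinux as well as "-F" from the old restorecon call. Derive the policy directory from the image's SELinux configuration, and carry the excludes and the force flag over or explain why they are not needed. The old call is left as a commented-out line and should be removed.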
-- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list