imgcreate/creator.py | 9 ------ imgcreate/kickstart.py | 65 +++++++++++++++++++++++++++---------------------- imgcreate/yuminst.py | 1 3 files changed, 37 insertions(+), 38 deletions(-)
New commits: commit 84b14777b7d9025a802e03008fcec670d4164f1f Author: Brian C. Lane <[email protected]> Date: Tue Oct 9 13:19:05 2012 -0700 add nocontexts for selinux (#858373) We relabel everything after the install, so tell rpm not to use selinux. diff --git a/imgcreate/yuminst.py b/imgcreate/yuminst.py index 97e5ecf..f753e8f 100644 --- a/imgcreate/yuminst.py +++ b/imgcreate/yuminst.py @@ -79,6 +79,7 @@ class LiveCDYum(yum.YumBase): conf += "reposdir=\n" conf += "failovermethod=priority\n" conf += "keepcache=1\n" + conf += "tsflags=nocontexts\n" f = file(confpath, "w+") f.write(conf) commit d72c04d6c3228de5e83eef94d8fca68398f0dab5 Author: Brian C. Lane <[email protected]> Date: Tue Oct 30 16:39:46 2012 -0700 remove lokkit usage Write to /etc/selinux/config instead of using lokkit. Setup firewall with firewalld's firewall-offline-cmd diff --git a/imgcreate/creator.py b/imgcreate/creator.py index 891d6ef..0e5ed6b 100644 --- a/imgcreate/creator.py +++ b/imgcreate/creator.py @@ -607,13 +607,6 @@ class ImageCreator(object): self._get_excluded_packages()): ayum.deselectPackage(pkg) - # if the system is running selinux and the kickstart wants it disabled - # we need /usr/sbin/lokkit - def __can_handle_selinux(self, ayum): - file = "/usr/sbin/lokkit" - if not kickstart.selinux_enabled(self.ks) and selinux.is_selinux_enabled() and not ayum.installHasFile(file): - raise CreatorError("Unable to disable SELinux because the installed package set did not include the file %s" % (file)) - def install(self, repo_urls = {}): """Install packages into the install root. @@ -657,8 +650,6 @@ class ImageCreator(object): self.__select_groups(ayum) self.__deselect_packages(ayum) - self.__can_handle_selinux(ayum) - ayum.runInstall() except yum.Errors.RepoError, e: raise CreatorError("Unable to download from repo : %s" % (e,)) diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py index 1d8f5cf..7adb37a 100644 --- a/imgcreate/kickstart.py +++ b/imgcreate/kickstart.py @@ -175,23 +175,25 @@ class AuthConfig(KickstartConfig): class FirewallConfig(KickstartConfig): """A class to apply a kickstart firewall configuration to a system.""" def apply(self, ksfirewall): - if not os.path.exists(self.path("/usr/sbin/lokkit")): - return - args = ["/usr/sbin/lokkit", "-f", "--quiet", "--nostart"] - if ksfirewall.enabled: - args.append("--enabled") - - for port in ksfirewall.ports: - args.append("--port=%s" %(port,)) - for svc in ksfirewall.services: - args.append("--service=%s" %(svc,)) - for dev in ksfirewall.trusts: - args.append("--trust=%s" %(dev,)) + args = ["/usr/bin/firewall-offline-cmd"] + # enabled is None if neither --enable or --disable is passed + # default to enabled if nothing has been set. + if ksfirewall.enabled == False: + args += ["--disabled"] else: - args.append("--disabled") + args += ["--enabled"] + + for dev in ksfirewall.trusts: + args += [ "--trust=%s" % (dev,) ] + + for port in ksfirewall.ports: + args += [ "--port=%s" % (port,) ] + + for service in ksfirewall.services: + args += [ "--service=%s" % (service,) ] self.call(args) - + class RootPasswordConfig(KickstartConfig): """A class to apply a kickstart root password configuration to a system.""" def unset(self): @@ -426,17 +428,27 @@ class SelinuxConfig(KickstartConfig): self.call(["/sbin/setfiles", "-p", "-e", "/proc", "-e", "/sys", "-e", "/dev", selinux.selinux_file_context_path(), "/"]) def apply(self, ksselinux): - if os.path.exists(self.path("/usr/sbin/lokkit")): - args = ["/usr/sbin/lokkit", "--quiet", "--nostart"] + selinux_config = "/etc/selinux/config" + if not os.path.exists(self.instroot+selinux_config): + return - if ksselinux.selinux == ksconstants.SELINUX_ENFORCING: - args.append("--selinux=enforcing") - if ksselinux.selinux == ksconstants.SELINUX_PERMISSIVE: - args.append("--selinux=permissive") - if ksselinux.selinux == ksconstants.SELINUX_DISABLED: - args.append("--selinux=disabled") + if ksselinux.selinux == ksconstants.SELINUX_ENFORCING: + cmd = "SELINUX=enforcing\n" + elif ksselinux.selinux == ksconstants.SELINUX_PERMISSIVE: + cmd = "SELINUX=permissive\n" + elif ksselinux.selinux == ksconstants.SELINUX_DISABLED: + cmd = "SELINUX=disabled\n" + else: + return - self.call(args) + # Replace the SELINUX line in the config + lines = open(self.instroot+selinux_config).readlines() + with open(self.instroot+selinux_config, "w") as f: + for line in lines: + if line.startswith("SELINUX="): + f.write(cmd) + else: + f.write(line) self.relabel(ksselinux) commit 9260623205f51ab5d27a39734b55a20c80025b57 Author: Brian C. Lane <[email protected]> Date: Mon Oct 29 17:32:01 2012 -0700 use locale.conf not sysconfig/i18n (#870805) diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py index c82dde3..1d8f5cf 100644 --- a/imgcreate/kickstart.py +++ b/imgcreate/kickstart.py @@ -131,7 +131,7 @@ class LanguageConfig(KickstartConfig): def apply(self, kslang): lang = kslang.lang or "en_US.UTF-8" - f = open(self.path("/etc/sysconfig/i18n"), "w+") + f = open(self.path("/etc/locale.conf"), "w+") f.write("LANG=\"" + lang + "\"\n") f.close() commit fa6a0a2ab7f7bc2c5a16622ac33ae446bf2b3d52 Author: Brian C. Lane <[email protected]> Date: Mon Oct 29 17:26:40 2012 -0700 don't write clock (#870805) diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py index b66367c..c82dde3 100644 --- a/imgcreate/kickstart.py +++ b/imgcreate/kickstart.py @@ -149,11 +149,6 @@ class TimezoneConfig(KickstartConfig): tz = kstimezone.timezone or "America/New_York" utc = str(kstimezone.isUtc) - f = open(self.path("/etc/sysconfig/clock"), "w+") - f.write("ZONE=\"" + tz + "\"\n") - f.write("UTC=" + utc + "\n") - f.close() - # /etc/localtime is a symlink with glibc > 2.15-41 if os.path.islink(self.path("/etc/localtime")): os.unlink(self.path("/etc/localtime")) -- livecd mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/livecd
