[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[lorax] Comment on why selinux needs to be in permissive or disabled



---
 src/pylorax/__init__.py |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py
index f21618d..aeb1b02 100644
--- a/src/pylorax/__init__.py
+++ b/src/pylorax/__init__.py
@@ -170,6 +170,16 @@ class Lorax(BaseLoraxClass):
             sys.exit(1)
 
         # is selinux disabled?
+        # With selinux in enforcing mode the rpcbind package required for
+        # dracut nfs module, which is in turn required by anaconda module,
+        # will not get installed, because it's preinstall scriptlet fails,
+        # resulting in an incomplete initial ramdisk image.
+        # The reason is that the scriptlet runs tools from the shadow-utils
+        # package in chroot, particularly groupadd and useradd to add the
+        # required rpc group and rpc user. This operation fails, because
+        # the selinux context on files in the chroot, that the shadow-utils
+        # tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
+        # is wrong and selinux therefore disallows access to these files.
         logger.info("checking the selinux mode")
         if selinux.security_getenforce():
             logger.critical("selinux must be disabled or in Permissive mode")
-- 
1.7.9.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]