[Fedora-livecd-list] ImageCreator "selinux --disable" problem
Warren Togami
wtogami at redhat.com
Tue Feb 19 22:25:14 UTC 2008
I am trying to reproduce the install behavior of anaconda --noselinux,
where it installs a chroot without labels. [1] I need this for LTSP due
to SELinux chroot limitations, and Dan Walsh confirms that this is my
best option given these current limitations.
First I discovered places in kickstart.py where it is supposed to be
checking that SELinux-from-kickstart file setting was always returning
true. I believe the attached patch fixes this part, although it could
use some review.
To my dismay it continued to install with labels. I then realized that
creator.py's ImageCreator mount() method unconditionally bind mounted
the system's /selinux directory, which is incorrect if "selinux
--disabled" is defined in the kickstart file.
Perhaps my understanding of python is not advanced, but it appears that
there is no good way to check kickstart's selinux setting from the
mount() method due to the way it is abstracted.
Any ideas what could be done here?
Warren Togami
wtogami at redhat.com
[1]
OK, it really does have labels, but all the labels are the same.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagecreator-selinux-disable.patch
Type: text/x-patch
Size: 1320 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-livecd-list/attachments/20080219/29807d0f/attachment.bin>
More information about the Fedora-livecd-list
mailing list