[Fedora-livecd-list] [PATCH] fix SelinuxConfig firewall side-effect

Alan Pevec apevec at redhat.com
Tue Jul 22 03:20:10 UTC 2008 

firewall --disabled is ignored:
SelinuxConfig is running lokkit with SEL options only
and --enabled (for firewall) is the default

patch for livecd-tools-017.1-1.fc9 i.e. f9-branch in livecd git

Signed-off-by: Alan Pevec <apevec at redhat.com>
---
 imgcreate/creator.py   |    3 +--
 imgcreate/kickstart.py |    9 ++++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/imgcreate/creator.py b/imgcreate/creator.py
index 4c22ac6..d799f0f 100644
--- a/imgcreate/creator.py
+++ b/imgcreate/creator.py
@@ -702,13 +702,12 @@ class ImageCreator(object):
         kickstart.KeyboardConfig(self._instroot).apply(ksh.keyboard)
         kickstart.TimezoneConfig(self._instroot).apply(ksh.timezone)
         kickstart.AuthConfig(self._instroot).apply(ksh.authconfig)
-        kickstart.FirewallConfig(self._instroot).apply(ksh.firewall)
         kickstart.SelinuxConfig(self._instroot).apply(ksh.selinux)
+        kickstart.FirewallConfig(self._instroot).apply(ksh.firewall)
         kickstart.RootPasswordConfig(self._instroot).apply(ksh.rootpw)
         kickstart.ServicesConfig(self._instroot).apply(ksh.services)
         kickstart.XConfig(self._instroot).apply(ksh.xconfig)
         kickstart.NetworkConfig(self._instroot).apply(ksh.network)
-        kickstart.SelinuxConfig(self._instroot).apply(ksh.selinux)
 
         self._create_bootconfig()
 
diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py
index 2331626..8cddef0 100644
--- a/imgcreate/kickstart.py
+++ b/imgcreate/kickstart.py
@@ -169,12 +169,15 @@ class FirewallConfig(KickstartConfig):
         #
         # FIXME: should handle the rest of the options
         #
-        if not ksfirewall.enabled:
-            return
         if not os.path.exists(self.path("/usr/sbin/lokkit")):
             return
+        if ksfirewall.enabled:
+            status = "--enabled"
+        else:
+            status = "--disabled"
+
         self.call(["/usr/sbin/lokkit",
-                   "-f", "--quiet", "--nostart", "--enabled"])
+                   "-f", "--quiet", "--nostart", status])
         
 class RootPasswordConfig(KickstartConfig):
     """A class to apply a kickstart root password configuration to a system."""
-- 
1.5.5.1

More information about the Fedora-livecd-list mailing list