[Fedora-livecd-list] Re: Unnecessary SELinux Failure Condition?

Alan Pevec apevec at gmail.com
Wed Dec 16 05:03:56 UTC 2009


I've just found one issue with the patch:
@@ -722,7 +714,6 @@ class ImageCreator(object):
         kickstart.KeyboardConfig(self._instroot).apply(ksh.keyboard)
         kickstart.TimezoneConfig(self._instroot).apply(ksh.timezone)
         kickstart.AuthConfig(self._instroot).apply(ksh.authconfig)
-        kickstart.SelinuxConfig(self._instroot).apply(ksh.selinux)
         kickstart.FirewallConfig(self._instroot).apply(ksh.firewall)
         kickstart.RootPasswordConfig(self._instroot).apply(ksh.rootpw)
         kickstart.ServicesConfig(self._instroot).apply(ksh.services)
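Review bot: the removed SelinuxConfig line sat between AuthConfig and FirewallConfig, so FirewallConfig, RootPasswordConfig and ServicesConfig now write into the install root before any SELinux setting from the kickstart has been applied. Confirm none of those steps rely on the SELinux configuration already being in place, and say in the commit message that the call is moved rather than dropped.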
@@ -734,6 +725,9 @@ class ImageCreator(object):

         self.__run_post_scripts()

+        # selinux should always come last
+        kickstart.SelinuxConfig(self._instroot).apply(ksh.selinux)
+
     def launch_shell(self):
         """Launch a shell in the install root.

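Review bot: the new comment "selinux should always come last" gives the rule but not the reason, and the call now runs after self.__run_post_scripts(), so whatever SelinuxConfig.apply() writes lands on top of anything the post scripts configured. State in the comment why the ordering matters, and make sure apply(ksh.selinux) changes only the settings the kickstart actually specifies instead of rewriting ones the post scripts set.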
This reverts
http://git.fedorahosted.org/git/?p=livecd;a=commitdiff;h=d8c25944dde2de95a38c08fbb8e890295290ab21

The other issue is that the pykickstart "selinux" command doesn't have a --type option
to specify the policy, and lokkit assumes "targeted" if
--selinuxtype=<type> is not specified. SelinuxConfig should not touch
SELINUXTYPE already set in /etc/selinux/config by a %post script.
To avoid lokkit side effects, I'll amend the patch to use Augeas to modify
/etc/selinux/config.

Alan
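
An added example, not part of the original message or of the livecd-creator code: one way to change only the SELINUX= mode in /etc/selinux/config under the install root while leaving a SELINUXTYPE written by %post untouched. It uses plain Python line editing rather than Augeas; the function names and the sample file content are assumptions made for illustration.

```python
import os
import re

VALID_MODES = ("enforcing", "permissive", "disabled")
# Matches "SELINUX=" but not "SELINUXTYPE=" and not commented-out lines.
_SELINUX_LINE = re.compile(r"^\s*SELINUX\s*=")

# Constructed sample: the file as a %post script might have left it.
SAMPLE = """\
# Constructed sample of /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=mls
"""


def set_selinux_mode(text, mode):
    """Return the config text with only the SELINUX= setting changed."""
    if mode not in VALID_MODES:
        raise ValueError("unsupported SELinux mode: %r" % (mode,))
    out, replaced = [], False
    for line in text.splitlines():
        if _SELINUX_LINE.match(line):
            if not replaced:
                out.append("SELINUX=" + mode)
                replaced = True
            continue  # drop duplicate SELINUX= lines, keep a single setting
        out.append(line)  # comments, SELINUXTYPE and anything else stay as-is
    if not replaced:
        out.append("SELINUX=" + mode)
    return "\n".join(out) + "\n"


def apply_selinux_mode(instroot, mode):
    """Rewrite etc/selinux/config under instroot; return new text or None."""
    path = os.path.join(instroot, "etc/selinux/config")
    if not os.path.exists(path):
        return None  # no SELinux config in this image: do not create one
    with open(path) as f:
        new_text = set_selinux_mode(f.read(), mode)
    # Write in place so the existing file's mode and owner are kept.
    with open(path, "w") as f:
        f.write(new_text)
    return new_text


if __name__ == "__main__":
    print(set_selinux_mode(SAMPLE, "permissive"), end="")
```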