[Fedora-livecd-list] Re: Unnecessary SELinux Failure Condition?

Alan Pevec apevec at gmail.com
Wed Nov 25 23:12:42 UTC 2009


On Thu, Oct 22, 2009 at 10:42 PM, Jay Greguske <jgregusk at redhat.com> wrote:
> Jay Greguske wrote:
>> Jeremy Katz wrote:
>>
>>> On Fri, Sep 25, 2009 at 8:59 AM, Jay Greguske <jgregusk at redhat.com> wrote:
>>>
>>>
>>>> Jeremy Katz wrote:
>>>>
>>>>
>>>>> There have been some problems more recently with the booleans stuff if
>>>>> SELinux isn't enabled.  Does that all end up working correctly still?
>>>>>
>>>>>
>>>>>
>>>> I'll look into it. Are there any you have in mind specifically?
>>>>
>>>>
>>> Dan might remember better than I -- I vaguely remember that a lot of
>>> the home directory bits and also some of the xguest stuff requires
>>> working booleans
>>>
>>> - Jeremy
>>>
>>>
>> I installed xguest to a running livecd (desktop ks file) and played with
>> two booleans related to it: browser_write_xguest_data, and
>> xguest_connect_network. With the former turned off the Guest account
>> could not download files from random internet sites, and with the latter
>> it couldn't connect at all, so I'd say they were functioning as
>> expected. I'm pretty confident SELinux booleans are working correctly
>> with these changes. If you have other tests to suggest I'd be happy to
>> try them out.
>>
>> Thanks,
>> - Jay
>>
> Is there anything more I can do to scoot these changes along? I don't
> want them to fall off radar...
>

We definitely need this patch - I got a few files with unlabeled_t in
the image created with F12 livecd-tools (ovirt-node-image.ks).
I guess setfiles replacing restorecon in your patch is what fixes it.
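
A check for the symptom reported in the message above (files in a built image ending up as unlabeled_t), as an added example that is not part of the original post or of livecd-tools: it walks a mounted image root and reports entries whose stored `security.selinux` xattr is missing or carries an unlabeled type. The function names, the treatment of `file_t` as suspect, and the root path argument are assumptions.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"
# Types reported as "not properly labeled". file_t is included as an
# assumption: older policies give it to files that have no stored label.
BAD_TYPES = {"unlabeled_t", "file_t"}


def read_selinux_label(path):
    """Return the stored SELinux context of path, or None if it has none."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: no label stored; ENOTSUP: filesystem has no xattr support.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return raw.rstrip(b"\0").decode("utf-8", "replace")


def selinux_type(context):
    """Extract the type field from a user:role:type[:range] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def find_unlabeled(root, get_label=read_selinux_label):
    """Walk root and return sorted (path, reason) pairs for suspect entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            context = get_label(path)
            if context is None:
                findings.append((path, "no label"))
            elif selinux_type(context) in BAD_TYPES:
                findings.append((path, context))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: script.py /path/to/mounted/image/root (defaults to ".")
    for path, reason in find_unlabeled(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\t{reason}")
```

An empty report after the image build is the condition to gate on; any listed path needs relabeling before the image ships.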
