[Fedora-livecd-list] Re: Unnecessary SELinux Failure Condition?
Jeremy Katz
katzj at fedoraproject.org
Fri Sep 25 03:28:46 UTC 2009
On Fri, Sep 18, 2009 at 10:26 AM, Jay Greguske <jgregusk at redhat.com> wrote:
> Daniel J Walsh wrote:
>> On 09/11/2009 04:47 PM, Jay Greguske wrote:
>>> While using livecd-creator and poking around the code, I found a check
>>> that I don't understand the reason for. livecd-creator will bail out if
>>> the host has SELinux disabled and the kickstart file requests it be
>>> enabled. Why is that? I would think that if SELinux was disabled but you
>>> still had the policy available, that would be all you need to build a
>>> properly labeled image.
[snip]
>>> Perhaps the failure condition is no longer necessary?
>>>
>> Yes I think that is no longer necessary. And it should definitely be supported.
>>
> Attached is a cleaner patch that removes the check and some other
> unnecessary code (thanks Dan). With this users should be able to build
> livecd images that have SELinux enabled on an SELinux-disabled host.
> I've tested this on an F10 system with an F10 and a RHEL 5 kernel. Both
> kernels I was able to build images with the SELinux enabled and disabled
> on the host (but always enabled in the kickstart file).
There have been some problems more recently with the booleans stuff if
SELinux isn't enabled. Does that all end up working correctly still?
I'm not fundamentally opposed to the patch; it's just historically
been something which didn't work.
- Jeremy
More information about the Fedora-livecd-list
mailing list