Re: [Libguestfs] [PATCH] Allow selinux=? and enforcing=? kernel flags to be controlled

On 12/08/09 16:48, Richard W.M. Jones wrote:
On Wed, Aug 12, 2009 at 04:32:48PM +0100, Matthew Booth wrote:
On 12/08/09 16:22, Richard W.M. Jones wrote:
This is a pretty uncontroversial patch which just allows the
selinux=? and enforcing=? flags on the kernel command line
to be controlled.

Currently libguestfs unconditionally passes selinux=0.  By default
this patch does the same thing, but allows programs to enable SELinux
in the kernel and/or set it to enforcing mode.
Patch looks ok except that we shouldn't include the enforcing flag. I
can't conceive of any reason we'd want SELinux in enforcing mode in the
appliance. If selinux=1, then assume enforcing=0.

Does it do any harm (now that I've written the code anyway)?

It adds another command line option to be maintained and documented.

Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490

