[Libguestfs] [PATCH] Allow selinux=? and enforcing=? kernel flags to be controlled
Richard W.M. Jones
rjones at redhat.com
Wed Aug 12 16:22:27 UTC 2009
On Wed, Aug 12, 2009 at 04:48:03PM +0100, Richard W.M. Jones wrote:
> On Wed, Aug 12, 2009 at 04:32:48PM +0100, Matthew Booth wrote:
> > On 12/08/09 16:22, Richard W.M. Jones wrote:
> >> This is a pretty uncontroversial patch which just allows the
> >> selinux=? and enforcing=? flags on the kernel command line
> >> to be controlled.
> >>
> >> Currently libguestfs unconditionally passes selinux=0. By default
> >> this patch does the same thing, but allows programs to enable SELinux
> >> in the kernel and/or set it to enforcing mode.
> >
> > Patch looks ok except that we shouldn't include the enforcing flag. I
> > can't conceive of any reason we'd want SELinux in enforcing mode in the
> > appliance. If selinux=1, then assume enforcing=0.
>
> Does it do any harm (now that I've written the code anyway)?
OK, I'm going to push this _without_ the enforcing part (except that
if selinux=1 it will always set enforcing=0).
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 75 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
More information about the Libguestfs
mailing list