F7 general question about livecd-creator and timezones
by Skunk Worx
My ks scripts have the timezone set to PDT (America/Los_Angeles).
Installation to a hard drive works as expected. PDT in startup and in
shells, etc.
Creating a livecd-creator iso with the same tz setting, then booting,
shows A/L_A in the /etc/sysconfig/clock file, as expected.
However the date is always EDT in the boot messages, shells, etc.
During startup I see:
(lvm)
Press I to enter interactive startup
Setting clock (utc) Mon Jun 4 00:12:59 EDT 2007
(udev)
I'm not clear on what is happening between lvm and udev in the Linux
startup sequence.
If someone could give me a hint about what to look for and where to look
for it I would appreciate the help.
---
John
14 years, 7 months
[PATCH] Refactor disk/mount classes to allow multi-partition/fs layouts
by David Huff
From: Daniel P. Berrange <berrange(a)redhat.com>
---
imgcreate/creator.py | 17 ++--
imgcreate/fs.py | 247 ++++++++++++++++++++++++++++++++-----------------
imgcreate/live.py | 6 +-
3 files changed, 174 insertions(+), 96 deletions(-)
diff --git a/imgcreate/creator.py b/imgcreate/creator.py
index 0d22b56..979e1b9 100644
--- a/imgcreate/creator.py
+++ b/imgcreate/creator.py
@@ -208,7 +208,11 @@ class ImageCreator(object):
"""
s = "/dev/root / %s defaults,noatime 0 0\n" %(self._fstype)
- s += "devpts /dev/pts devpts gid=5,mode=620 0 0\n"
+ s += self._get_fstab_special()
+ return s
+
+ def _get_fstab_special(self):
+ s = "devpts /dev/pts devpts gid=5,mode=620 0 0\n"
s += "tmpfs /dev/shm tmpfs defaults 0 0\n"
s += "proc /proc proc defaults 0 0\n"
s += "sysfs /sys sysfs defaults 0 0\n"
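Review bot: the new _get_fstab_special() has no docstring, so nothing in the code says which entries belong in it and which stay in the caller that writes the /dev/root line. A one-line docstring stating that it returns the pseudo-filesystem entries (devpts, tmpfs, proc, sysfs) independently of the root filesystem layout would make the split clear to anyone overriding either method.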
@@ -817,12 +821,11 @@ class LoopImageCreator(ImageCreator):
if not base_on is None:
shutil.copyfile(base_on, self._image)
- self.__instloop = SparseExtLoopbackMount(self._image,
- self._instroot,
- self.__image_size,
- self.__fstype,
- self.__blocksize,
- self.fslabel)
+ self.__instloop = ExtDiskMount(SparseLoopbackDisk(self._image, self.__image_size),
+ self._instroot,
+ self.__fstype,
+ self.__blocksize,
+ self.fslabel)
try:
self.__instloop.mount()
diff --git a/imgcreate/fs.py b/imgcreate/fs.py
index 9ca3a3e..e53cfa9 100644
--- a/imgcreate/fs.py
+++ b/imgcreate/fs.py
@@ -24,6 +24,7 @@ import stat
import subprocess
import random
import string
+import logging
from imgcreate.errors import *
@@ -86,42 +87,51 @@ class BindChrootMount:
subprocess.call(["/bin/umount", self.dest])
self.mounted = False
-class LoopbackMount:
- def __init__(self, lofile, mountdir, fstype = None):
- self.lofile = lofile
- self.mountdir = mountdir
- self.fstype = fstype
+class Disk:
+ def __init__(self, size, device = None):
+ self._device = device
+ self._size = size
- self.mounted = False
- self.losetup = False
- self.rmdir = False
- self.loopdev = None
+ def create(self):
+ pass
def cleanup(self):
- self.unmount()
- self.lounsetup()
+ pass
- def unmount(self):
- if self.mounted:
- rc = subprocess.call(["/bin/umount", self.mountdir])
- if rc == 0:
- self.mounted = False
+ def get_device(self):
+ return self._device
+ def set_device(self, path):
+ self._device = path
+ device = property(get_device, set_device)
- if self.rmdir and not self.mounted:
- try:
- os.rmdir(self.mountdir)
- except OSError, e:
- pass
- self.rmdir = False
+ def get_size(self):
+ return self._size
+ size = property(get_size)
+
+
+class RawDisk(Disk):
+ def __init__(self, size, device):
+ Disk.__init__(self, size, device)
+
+ def fixed(self):
+ return True
+
+ def exists(self):
+ return True
+
+class LoopbackDisk(Disk):
+ def __init__(self, lofile, size):
+ Disk.__init__(self, size)
+ self.lofile = lofile
+
+ def fixed(self):
+ return False
- def lounsetup(self):
- if self.losetup:
- rc = subprocess.call(["/sbin/losetup", "-d", self.loopdev])
- self.losetup = False
- self.loopdev = None
+ def exists(self):
+ return os.path.exists(self.lofile)
- def loopsetup(self):
- if self.losetup:
+ def create(self):
+ if self.device is not None:
return
losetupProc = subprocess.Popen(["/sbin/losetup", "-f"],
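Review bot: 'class Disk:' is an old-style class, and the setter in 'device = property(get_device, set_device)' only takes effect on new-style classes in Python 2, so assignments to self.device in the subclasses store a plain instance attribute and never update _device. Derive from object ('class Disk(object):') so the property behaves as written. The base class also defines create() and cleanup() but not fixed() or exists(), which both RawDisk and LoopbackDisk implement; declaring them on Disk would document the interface the mount classes rely on.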
@@ -132,40 +142,27 @@ class LoopbackMount:
raise MountError("Failed to allocate loop device for '%s'" %
self.lofile)
- self.loopdev = losetupOutput.split()[0]
+ device = losetupOutput.split()[0]
- rc = subprocess.call(["/sbin/losetup", self.loopdev, self.lofile])
+ logging.debug("Losetup add %s mapping to %s" % (device, self.lofile))
+ rc = subprocess.call(["/sbin/losetup", device, self.lofile])
if rc != 0:
raise MountError("Failed to allocate loop device for '%s'" %
self.lofile)
+ self.device = device
- self.losetup = True
-
- def mount(self):
- if self.mounted:
+ def cleanup(self):
+ if self.device is None:
return
+ logging.debug("Losetup remove %s" % self.device)
+ rc = subprocess.call(["/sbin/losetup", "-d", self.device])
+ self.device = None
- self.loopsetup()
- if not os.path.isdir(self.mountdir):
- os.makedirs(self.mountdir)
- self.rmdir = True
- args = [ "/bin/mount", self.loopdev, self.mountdir ]
- if self.fstype:
- args.extend(["-t", self.fstype])
-
- rc = subprocess.call(args)
- if rc != 0:
- raise MountError("Failed to mount '%s' to '%s'" %
- (self.loopdev, self.mountdir))
-
- self.mounted = True
-
-class SparseLoopbackMount(LoopbackMount):
- def __init__(self, lofile, mountdir, size, fstype = None):
- LoopbackMount.__init__(self, lofile, mountdir, fstype)
- self.size = size
+class SparseLoopbackDisk(LoopbackDisk):
+ def __init__(self, lofile, size):
+ LoopbackDisk.__init__(self, lofile, size)
def expand(self, create = False, size = None):
flags = os.O_WRONLY
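Review bot: LoopbackDisk.cleanup() assigns rc from 'losetup -d' and never checks it, then sets self.device to None regardless, so a failed detach leaves the loop device attached with no reference to it and nothing in the log. Check rc and either keep self.device set or log a warning when the detach fails.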
@@ -176,6 +173,7 @@ class SparseLoopbackMount(LoopbackMount):
if size is None:
size = self.size
+ logging.debug("Extending sparse file %s to %d" % (self.lofile, size))
fd = os.open(self.lofile, flags)
os.lseek(fd, size, 0)
@@ -185,36 +183,107 @@ class SparseLoopbackMount(LoopbackMount):
def truncate(self, size = None):
if size is None:
size = self.size
+
+ logging.debug("Truncating sparse file %s to %d" % (self.lofile, size))
fd = os.open(self.lofile, os.O_WRONLY)
os.ftruncate(fd, size)
os.close(fd)
def create(self):
self.expand(create = True)
+ LoopbackDisk.create(self)
+
+class Mount:
+ def __init__(self, mountdir):
+ self.mountdir = mountdir
+
+ def cleanup(self):
+ self.unmount()
+
+ def mount(self):
+ pass
+
+ def unmount(self):
+ pass
+
+class DiskMount(Mount):
+ def __init__(self, disk, mountdir, fstype = None, rmmountdir = True):
+ Mount.__init__(self, mountdir)
+
+ self.disk = disk
+ self.fstype = fstype
+ self.rmmountdir = rmmountdir
+
+ self.mounted = False
+ self.rmdir = False
+
+ def cleanup(self):
+ Mount.cleanup(self)
+ self.disk.cleanup()
+
+ def unmount(self):
+ if self.mounted:
+ logging.debug("Unmounting directory %s" % self.mountdir)
+ rc = subprocess.call(["/bin/umount", self.mountdir])
+ if rc == 0:
+ self.mounted = False
+
+ if self.rmdir and not self.mounted:
+ try:
+ os.rmdir(self.mountdir)
+ except OSError, e:
+ pass
+ self.rmdir = False
+
+
+ def __create(self):
+ self.disk.create()
+
-class SparseExtLoopbackMount(SparseLoopbackMount):
- def __init__(self, lofile, mountdir, size, fstype, blocksize, fslabel):
- SparseLoopbackMount.__init__(self, lofile, mountdir, size, fstype)
+ def mount(self):
+ if self.mounted:
+ return
+
+ if not os.path.isdir(self.mountdir):
+ logging.debug("Creating mount point %s" % self.mountdir)
+ os.makedirs(self.mountdir)
+ self.rmdir = self.rmmountdir
+
+ self.__create()
+
+ logging.debug("Mounting %s at %s" % (self.disk.device, self.mountdir))
+ args = [ "/bin/mount", self.disk.device, self.mountdir ]
+ if self.fstype:
+ args.extend(["-t", self.fstype])
+
+ rc = subprocess.call(args)
+ if rc != 0:
+ raise MountError("Failed to mount '%s' to '%s'" %
+ (self.disk.device, self.mountdir))
+
+ self.mounted = True
+
+class ExtDiskMount(DiskMount):
+ def __init__(self, disk, mountdir, fstype, blocksize, fslabel, rmmountdir=True):
+ DiskMount.__init__(self, disk, mountdir, fstype, rmmountdir)
self.blocksize = blocksize
self.fslabel = fslabel
def __format_filesystem(self):
+ logging.debug("Formating %s filesystem on %s" % (self.fstype, self.disk.device))
rc = subprocess.call(["/sbin/mkfs." + self.fstype,
"-F", "-L", self.fslabel,
"-m", "1", "-b", str(self.blocksize),
- self.lofile,
- str(self.size / self.blocksize)])
+ self.disk.device])
+ # str(self.disk.size / self.blocksize)])
if rc != 0:
raise MountError("Error creating %s filesystem" % (self.fstype,))
+ logging.debug("Tuning filesystem on %s" % self.disk.device)
subprocess.call(["/sbin/tune2fs", "-c0", "-i0", "-Odir_index",
- "-ouser_xattr,acl", self.lofile])
-
- def create(self):
- SparseLoopbackMount.create(self)
- self.__format_filesystem()
+ "-ouser_xattr,acl", self.disk.device])
- def resize(self, size = None):
- current_size = os.stat(self.lofile)[stat.ST_SIZE]
+ def __resize_filesystem(self, size = None):
+ current_size = os.stat(self.disk.lofile)[stat.ST_SIZE]
if size is None:
size = self.size
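Review bot: __resize_filesystem() still falls back to 'size = self.size' when no size is passed, but ExtDiskMount has no size attribute now that the size lives on the disk object, so the default-argument call path raises AttributeError; use self.disk.size. The method also reads self.disk.lofile, which RawDisk does not define, and the commented-out '# str(self.disk.size / self.blocksize)])' line should either be removed or replaced with a comment saying why the block count is no longer passed to mkfs.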
@@ -227,21 +296,28 @@ class SparseExtLoopbackMount(SparseLoopbackMount):
self.__fsck()
- resize2fs(self.lofile, size)
-
- if size < current_size:
- self.truncate(size)
+ resize2fs(self.disk.lofile, size)
return size
- def mount(self):
- if not os.path.isfile(self.lofile):
- self.create()
+ def __create(self):
+ resize = False
+ if not self.disk.fixed() and self.disk.exists():
+ resize = True
+
+ self.disk.create()
+
+ if resize:
+ self.__resize_filesystem()
else:
- self.resize()
- return SparseLoopbackMount.mount(self)
+ self.__format_filesystem()
+
+ def mount(self):
+ self.__create()
+ DiskMount.mount(self)
def __fsck(self):
- subprocess.call(["/sbin/e2fsck", "-f", "-y", self.lofile])
+ logging.debug("Checking filesystem %s" % self.disk.lofile)
+ subprocess.call(["/sbin/e2fsck", "-f", "-y", self.disk.lofile])
def __get_size_from_filesystem(self):
def parse_field(output, field):
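Review bot: the 'if size < current_size: self.truncate(size)' step is dropped from the resize path with no replacement, so shrinking the filesystem no longer shrinks the sparse backing file; if that is intended it needs a comment, otherwise the truncate should move to the disk object and still be called here. Separately, __create is name-mangled, so DiskMount.mount() calls _DiskMount__create rather than this version, which is why ExtDiskMount.mount() has to call it explicitly before delegating; a single-underscore _create would let the base class dispatch to the override.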
@@ -253,7 +329,7 @@ class SparseExtLoopbackMount(SparseLoopbackMount):
dev_null = os.open("/dev/null", os.O_WRONLY)
try:
- out = subprocess.Popen(['/sbin/dumpe2fs', '-h', self.lofile],
+ out = subprocess.Popen(['/sbin/dumpe2fs', '-h', self.disk.lofile],
stdout = subprocess.PIPE,
stderr = dev_null).communicate()[0]
finally:
@@ -273,7 +349,7 @@ class SparseExtLoopbackMount(SparseLoopbackMount):
while top != (bot + 1):
t = bot + ((top - bot) / 2)
- if not resize2fs(self.lofile, t):
+ if not resize2fs(self.disk.lofile, t):
top = t
else:
bot = t
@@ -306,8 +382,8 @@ class DeviceMapperSnapshot(object):
if self.__created:
return
- self.imgloop.loopsetup()
- self.cowloop.loopsetup()
+ self.imgloop.create()
+ self.cowloop.create()
self.__name = "imgcreate-%d-%d" % (os.getpid(),
random.randint(0, 2**16))
@@ -315,8 +391,8 @@ class DeviceMapperSnapshot(object):
size = os.stat(self.imgloop.lofile)[stat.ST_SIZE]
table = "0 %d snapshot %s %s p 8" % (size / 512,
- self.imgloop.loopdev,
- self.cowloop.loopdev)
+ self.imgloop.device,
+ self.cowloop.device)
args = ["/sbin/dmsetup", "create", self.__name, "--table", table]
if subprocess.call(args) != 0:
@@ -382,15 +458,14 @@ class DeviceMapperSnapshot(object):
# 8) Create a squashfs of the COW
#
def create_image_minimizer(path, image, minimal_size):
- imgloop = LoopbackMount(image, "None")
+ imgloop = LoopbackDisk(image, None) # Passing bogus size - doesn't matter
- cowloop = SparseLoopbackMount(os.path.join(os.path.dirname(path), "osmin"),
- None, 64L * 1024L * 1024L)
+ cowloop = SparseLoopbackDisk(os.path.join(os.path.dirname(path), "osmin"),
+ 64L * 1024L * 1024L)
snapshot = DeviceMapperSnapshot(imgloop, cowloop)
try:
- cowloop.create()
snapshot.create()
resize2fs(snapshot.path, minimal_size)
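Review bot: 'LoopbackDisk(image, None)' with the comment about a bogus size shows that size has no meaning for an image that already exists. Making size an optional argument of LoopbackDisk.__init__ would remove the placeholder and the need for the comment at every such call site.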
diff --git a/imgcreate/live.py b/imgcreate/live.py
index 03a5466..e25e8cd 100644
--- a/imgcreate/live.py
+++ b/imgcreate/live.py
@@ -131,7 +131,7 @@ class LiveImageCreatorBase(LoopImageCreator):
#
def __base_on_iso(self, base_on):
"""helper function to extract ext3 file system from a live CD ISO"""
- isoloop = LoopbackMount(base_on, self._mkdtemp())
+ isoloop = Mount(LoopbackDisk(base_on), self._mkdtemp())
try:
isoloop.mount()
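Review bot: 'Mount(LoopbackDisk(base_on), self._mkdtemp())' does not match the constructors this patch adds in fs.py, where LoopbackDisk.__init__ requires a size and Mount.__init__ accepts only mountdir, so this line raises TypeError. It should be 'DiskMount(LoopbackDisk(base_on, None), self._mkdtemp())'. The squashloop construction in the next hunk has the same problem, and its squashloop.disk.exists() call needs the disk attribute that only DiskMount sets.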
@@ -145,10 +145,10 @@ class LiveImageCreatorBase(LoopImageCreator):
else:
squashimg = isoloop.mountdir + "/LiveOS/squashfs.img"
- squashloop = LoopbackMount(squashimg, self._mkdtemp(), "squashfs")
+ squashloop = Mount(LoopbackDisk(squashimg), self._mkdtemp(), "squashfs")
try:
- if not os.path.exists(squashloop.lofile):
+ if not squashloop.disk.exists():
raise CreatorError("'%s' is not a valid live CD ISO : "
"squashfs.img doesn't exist" % base_on)
--
1.5.4.3
15 years, 4 months
failing at my first attempt at liveCD creation
by Fulko Hew
I'm failing at my first attempt at creating (or recreating) a live CD.
- I'm using Fedora 8 (because I don't find KDE in F9 usable yet)
- I have SELinux disabled.
Following the process described in the LiveCDHowTo, well, actually
the step:
livecd-creator --config=/usr/share/livecd-tools/livecd-fedora-minimal.ks
resulted in a complaint about SELinux not being enabled on the host
system...
Right, so I edited the '.ks' file and set selinux=--disabled
This let it proceed through the build stage with the following errors:
Installing: info ##################### [ 29/129]
/var/tmp/rpm-tmp.42253: line 2: sed: command not found
error: %post(info-4.12-1.fc10.i386) scriptlet failed, exit status 127
...
Installing: cracklib ##################### [ 45/129]
/var/tmp/rpm-tmp.50225: line 2: getent: command not found
/var/tmp/rpm-tmp.50225: line 3: getent: command not found
...
Installing: kernel ##################### [124/129]
device-mapper: table ioctl failed: No such device or address
Command failed
...
Installing: selinux-policy-targeted ##################### [129/129]
libsemanage.dbase_llist_query: could not query record value
libsepol.sepol_user_modify: MLS is enabled, but no MLS default level was
defined for user guest_u
libsepol.sepol_user_modify: could not load (null) into policy
libsemanage.dbase_policydb_modify: could not modify record value
libsemanage.semanage_base_merge_components: could not merge local
modifications into policy
/usr/sbin/semanage: Could not add SELinux user guest_u
libsepol.sepol_user_modify: MLS is enabled, but no MLS default level was
defined for user xguest_u
libsepol.sepol_user_modify: could not load (null) into policy
libsemanage.dbase_policydb_modify: could not modify record value
libsemanage.semanage_base_merge_components: could not merge local
modifications into policy
/usr/sbin/semanage: Could not add SELinux user xguest_u
Removing password for user root.
passwd: Success
Then I used the specified command to execute the ISO image:
qemu -m 512 -cdrom livecd-fulko-200805241043.iso
The first time I followed the procedure (a few days ago) to
build the ISO and execute it, it wouldn't even boot.
Today I retried the same procedure, and today it boots,
but after it gets to the point of starting udev, something
flashes by on the screen (qemu window) and then the window
goes black, and I can't see anything after that. It seems hung.
So then I tried recreating the 'livecd-fedora-desktop.ks'
version as per instructions and it dies with:
Installing: tzdata ################### [ 21/1019]
umount: /var/tmp/livecd-creator-PxlU8W/install_root: device is busy
umount: /var/tmp/livecd-creator-PxlU8W/install_root: device is busy
ioctl: LOOP_CLR_FD: Device or resource busy
Traceback (most recent call last):
File "/usr/bin/livecd-creator", line 1603, in <module>
sys.exit(main())
File "/usr/bin/livecd-creator", line 1575, in main
target.install()
File "/usr/bin/livecd-creator", line 948, in install
self.installPackages()
File "/usr/bin/livecd-creator", line 591, in installPackages
self.ayum.runInstall()
File "/usr/bin/livecd-creator", line 330, in runInstall
return self.runTransaction(cb)
File "/usr/lib/python2.5/site-packages/yum/__init__.py", line 591, in
runTransaction
errors = self.ts.run(cb.callback, '')
File "/usr/share/yum-cli/callback.py", line 124, in callback
fd = os.open(rpmloc, os.O_RDONLY)
OSError: [Errno 2] No such file or directory:
'/var/tmp/livecd-creator-PxlU8W/install_root/var/cache/yum/development/packages/texlive-texmf-errata-fonts-2007-4.fc9.noarch.rpm'
So I'm at a loss as to how to proceed to start testing this process
even before I add my own customizations.
Any help would be appreciated.
TIA
Fulko
15 years, 6 months
2 commits - imgcreate/creator.py tools/livecd-iso-to-disk.sh
by Jeremy Katz
imgcreate/creator.py | 37 ++++++++++++++++++++-----------------
tools/livecd-iso-to-disk.sh | 6 +++++-
2 files changed, 25 insertions(+), 18 deletions(-)
New commits:
commit fd5652933c0a49f8961d17bee5f0526bf1676a14
Author: Jeremy Katz <katzj(a)redhat.com>
Date: Thu May 29 17:04:41 2008 -0400
Allow isos to be blockdevs or regular files
diff --git a/tools/livecd-iso-to-disk.sh b/tools/livecd-iso-to-disk.sh
index 9676633..69e97e3 100644
--- a/tools/livecd-iso-to-disk.sh
+++ b/tools/livecd-iso-to-disk.sh
@@ -188,7 +188,11 @@ done
ISO=$(readlink -f "$1")
USBDEV=$2
-if [ -z "$ISO" -o ! -f "$ISO" ]; then
+if [ -z "$ISO" ]; then
+ usage
+fi
+
+if [ ! -b "$ISO" -a ! -f "$ISO" ]; then
usage
fi
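Review bot: both new checks end in a bare 'usage' call, so the caller cannot tell a missing argument from a path that is neither a block device nor a regular file. Print a message naming "$ISO" to stderr in the second branch before calling usage. The '-a' operator inside [ ] is also better written as two tests joined with &&, i.e. '[ ! -b "$ISO" ] && [ ! -f "$ISO" ]'.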
commit 6e221ba27ed5a6c5a79ac1fbb7cfc5e11566e080
Author: Jeremy Katz <katzj(a)redhat.com>
Date: Thu May 29 08:53:25 2008 -0400
Move minimal /dev creation into a method
diff --git a/imgcreate/creator.py b/imgcreate/creator.py
index fc4298b..5d010a1 100644
--- a/imgcreate/creator.py
+++ b/imgcreate/creator.py
@@ -403,6 +403,24 @@ class ImageCreator(object):
fstab.write(self._get_fstab())
fstab.close()
+ def __create_minimal_dev(self):
+ """Create a minimal /dev so that we don't corrupt the host /dev"""
+ origumask = os.umask(0000)
+ devices = (('null', 1, 3, 0666),
+ ('urandom',1, 9, 0666),
+ ('random', 1, 8, 0666),
+ ('full', 1, 7, 0666),
+ ('ptmx', 5, 2, 0666),
+ ('tty', 5, 0, 0666),
+ ('zero', 1, 5, 0666))
+ for (node, major, minor, perm) in devices:
+ os.mknod(self._instroot + "/dev/" + node, perm | stat.S_IFCHR, os.makedev(major,minor))
+ os.symlink('/proc/self/fd', self._instroot + "/dev/fd")
+ os.symlink('/proc/self/fd/0', self._instroot + "/dev/stdin")
+ os.symlink('/proc/self/fd/1', self._instroot + "/dev/stdout")
+ os.symlink('/proc/self/fd/2', self._instroot + "/dev/stderr")
+ os.umask(origumask)
+
def mount(self, base_on = None, cachedir = None):
"""Setup the target filesystem in preparation for an install.
@@ -444,25 +462,10 @@ class ImageCreator(object):
if kickstart.selinux_enabled(self.ks):
self.__bindmounts.append(BindChrootMount("/selinux", self._instroot, None))
- # Create minimum /dev
- origumask = os.umask(0000)
- devices = [('null', 1, 3, 0666),
- ('urandom',1, 9, 0666),
- ('random', 1, 8, 0666),
- ('full', 1, 7, 0666),
- ('ptmx', 5, 2, 0666),
- ('tty', 5, 0, 0666),
- ('zero', 1, 5, 0666)]
- for (node, major, minor, perm) in devices:
- os.mknod(self._instroot + "/dev/" + node, perm | stat.S_IFCHR, os.makedev(major,minor))
- os.symlink('/proc/self/fd', self._instroot + "/dev/fd")
- os.symlink('/proc/self/fd/0', self._instroot + "/dev/stdin")
- os.symlink('/proc/self/fd/1', self._instroot + "/dev/stdout")
- os.symlink('/proc/self/fd/2', self._instroot + "/dev/stderr")
- os.umask(origumask)
-
self._do_bindmounts()
+ self.__create_minimal_dev()
+
os.symlink("../proc/mounts", self._instroot + "/etc/mtab")
self.__write_fstab()
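Review bot: the call to self.__create_minimal_dev() is placed after self._do_bindmounts(), whereas the removed inline block ran before it, and the commit message ("Move minimal /dev creation into a method") does not mention an ordering change. If the reorder is deliberate, say so in the commit message or a comment; otherwise keep the call ahead of _do_bindmounts() so the refactor preserves behaviour.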
15 years, 6 months
livecd-iso-to-disk broken in F9?
by Todd N
Hello,
We are trying to use the livecd-iso-to-disk script in Fedora 9 to create a bootable USB drive. When running this script from a command prompt:
# ./livecd-iso-to-disk
all we get back is a line showing the command usage. However, the same command entered in Fedora 8, or even in Fedora 9 Beta, works fine. Has anyone else had this issue?
Thanks
Todd
15 years, 6 months
Re: [RFC] Livecd-creator and selinux, we can play nice
by Bill Nottingham
Daniel J Walsh (dwalsh(a)redhat.com) said:
> Well I think we need to do a couple of these to figure out the common
> requirements.
>
> I envision mock to be quite different than livecd. I think we need to
> fool the mock chroot to think SELinux is disabled and to do no labeling
> in the chroot. This would allow us to confine the mock process to be
> able to write to the chroot and label the chroot mock_rw_t. We could
> then use SELinux to prevent mock environments from breaking out of the
> chroot, and stop mock environments from doing evil network things within
> the chroot.
>
> In livecd we need to be able to put down labels that the host machine
> does not understand.
The problem is that mock can be used to do non-build things. (For example,
creating the anaconda install images.)
Bill
15 years, 6 months
Re: [RFC] Livecd-creator and selinux, we can play nice
by Jeremy Katz
Eric Paris wrote:
> So I've spent a fair bit of time the last 2 weeks trying to get
> livecd-creator and an selinux enforcing machine to play nicely together.
> It doesn't look like much, but from the point of view of the livecd
> creator I think the following patch is all we need. Working with
> rawhide as the host system I was able to build F8, F9 and rawhide
> livecd's with an enforcing machine.
>
> I wouldn't suggest jumping into enforcing builds just yet as there are
> still some policy issues I need to work out with the selinux people but
> I would like comments. Basically it's quite simple, if selinux is on the
> host we create a fake /selinux which tells the install chroot lies.
> I've had to make some changes to some selinux libraries to support all
> this, but I think we are just about there.
Very cool and definitely long needed. Thanks for taking the time to
really dive into this. And this is far simpler than the approach I had
started looking at once upon a time (... which involved fuse)
A few comments on the patch
> diff -Naupr /usr/lib/python2.5/site-packages/imgcreate/creator.py /root/imgcreate-5-28-08/creator.py
> --- /usr/lib/python2.5/site-packages/imgcreate/creator.py 2008-05-06 12:16:08.000000000 -0400
> +++ /root/imgcreate-5-28-08/creator.py 2008-05-28 15:48:30.000000000 -0400
> @@ -460,6 +457,37 @@ class ImageCreator(object):
> os.symlink('/proc/self/fd/2', self._instroot + "/dev/stderr")
> os.umask(origumask)
>
> + # if selinux exists on the host we need to lie to the chroot
> + if os.path.exists("/selinux/enforce"):
> + selinux_dir = self._instroot + "/selinux"
> +
> + # enforce=0 tells the chroot selinux is not enforcing
> + # policyvers=99 tell the chroot to make the highest version of policy it can
> + files = [('/enforce', '0'),
> + ('/policyvers', '99')]
Does the kernel guarantee that 99 will be the highest version of policy?
Not that it likely matters much. Also, having this as a tuple rather
than a list makes it marginally faster since we're never going to modify it
> + for (file, value) in files:
> + fd = os.open(selinux_dir + file, os.O_WRONLY | os.O_TRUNC | os.O_CREAT)
> + os.write(fd, value)
> + os.close(fd)
> +
> + # we steal mls from the host system for now, might be best to always set it to 1????
> + files = ["/selinux/mls"]
> + for file in files:
> + shutil.copyfile(file, self._instroot + file)
> +
> + # make /load -> /dev/null so chroot policy loads don't hurt anything
> + os.mknod(selinux_dir + "/load", 0666 | stat.S_IFCHR, os.makedev(1, 3))
This being the big win :)
> + # selinux is on whoo hooo
> + if kickstart.selinux_enabled(self.ks):
> + # label the fs like it is a root before the bind mounting
> + cmd = "/sbin/setfiles -F -r %s %s %s" % (self._instroot, selinux.selinux_file_context_path(), self._instroot)
> + os.system(cmd)
> + # these dumb things don't get magically fixed, so make the user generic
> + for f in ["/proc", "/sys", "/selinux"]:
> + cmd = "chcon -u system_u %s" % (self._instroot + f)
> + os.system(cmd)
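Review bot: the exit status of both os.system(cmd) calls in the labelling block is discarded, so a failed setfiles or chcon yields an image with missing or wrong labels and no error. Capture the return value and raise CreatorError, or at least log it, when it is non-zero. The loop variable 'file' in the earlier loops also shadows the builtin; a name such as 'fname' avoids that.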
os.system is generally not preferred -- using the subprocess module is a
lot safer.
Also, overall it might be nice to encapsulate the /selinux creation here
into its own __create_selinuxfs() method that gets called. /me makes a
note to do that to the /dev creation too.
> @@ -853,6 +881,18 @@ class LoopImageCreator(ImageCreator):
> (self._image, e))
>
> def _unmount_instroot(self):
> + # if the system was running selinux clean up our lies
> + if os.path.exists("/selinux/enforce"):
> + files = ['/enforce',
> + '/policyvers',
> + '/mls',
> + '/load']
Again a tuple versus a list
> + for file in files:
> + try:
> + os.unlink(self._instroot + "/selinux" + file)
> + except OSError:
> + pass
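Review bot: 'except OSError: pass' in the cleanup loop hides every unlink failure, not only the case where the file was never created, so a fake /selinux/load node or enforce file can be left behind in the image without any indication. Ignore only errno.ENOENT and log or re-raise anything else.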
And again having it in a method is probably the nice thing to do. And I
know I said to stick it into _unmount_instroot, but seeing where you've
put the mount side, it probably makes more sense in unmount() instead
Jeremy
15 years, 6 months
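The remark in the message above that the subprocess module is safer than os.system can be seen by running both invocation styles against a stand-in child process. This is an added example, not code from the thread or from livecd-creator; INSTROOT, CONTEXTS, PROBE and the helper names are constructed for illustration, and it is written for Python 3 rather than the Python 2 of the patch.

```python
import json
import shlex
import subprocess
import sys

# Constructed sample values (assumptions, not taken from the thread).
INSTROOT = "/var/tmp/live cd/install_root"   # temp dir whose name contains a space
CONTEXTS = "/etc/selinux/targeted/contexts/files/file_contexts"

# Stand-in for /sbin/setfiles: a child process that prints the argument
# vector it received, so the two invocation styles can be compared offline.
PROBE = [sys.executable, "-c",
         "import json, sys; print(json.dumps(sys.argv[1:]))"]


def setfiles_args_string(instroot, contexts):
    """Arguments formatted into one string, as in the quoted patch."""
    return "-F -r %s %s %s" % (instroot, contexts, instroot)


def setfiles_args_list(instroot, contexts):
    """The same arguments as a list; each element reaches the child intact."""
    return ["-F", "-r", instroot, contexts, instroot]


def received_via_shell(arg_string):
    """What the child sees when the string goes through /bin/sh (os.system style)."""
    cmd = shlex.join(PROBE) + " " + arg_string
    out = subprocess.run(cmd, shell=True, check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def received_via_argv(args):
    """What the child sees when an argv list is passed and no shell is involved."""
    out = subprocess.run(PROBE + args, check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out)


def label_commands(instroot, contexts):
    """argv lists for the setfiles call and the three chcon calls in the patch."""
    cmds = [["/sbin/setfiles"] + setfiles_args_list(instroot, contexts)]
    for d in ("/proc", "/sys", "/selinux"):
        cmds.append(["chcon", "-u", "system_u", instroot + d])
    return cmds


def run_all(cmds, runner=subprocess.call):
    """Run each command in order and stop at the first non-zero exit status."""
    for argv in cmds:
        rc = runner(argv)
        if rc != 0:
            raise RuntimeError("%s exited with status %d" % (argv[0], rc))


if __name__ == "__main__":
    # The shell splits the path at the space; the argv list does not.
    print(received_via_shell(setfiles_args_string(INSTROOT, CONTEXTS)))
    print(received_via_argv(setfiles_args_list(INSTROOT, CONTEXTS)))
```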
Re: [RFC] Livecd-creator and selinux, we can play nice
by Seth Vidal
On Wed, 2008-05-28 at 16:11 -0400, Eric Paris wrote:
> > My concern is this is a normal occurrence (needing a chroot)
>
> Yes and no....
>
sure looks like we'd need to make sure:
yum, mock and rpm all know how to set this up given how it would impact
chroot creation.
We may want to drop this back to the lowest level chroot creation.
-sv
15 years, 6 months
Re: [RFC] Livecd-creator and selinux, we can play nice
by Bill Nottingham
Eric Paris (eparis(a)redhat.com) said:
> So I've spent a fair bit of time the last 2 weeks trying to get
> livecd-creator and an selinux enforcing machine to play nicely together.
> It doesn't look like much, but from the point of view of the livecd
> creator I think the following patch is all we need. Working with
> rawhide as the host system I was able to build F8, F9 and rawhide
> livecd's with an enforcing machine.
>
> I wouldn't suggest jumping into enforcing builds just yet as there are
> still some policy issues I need to work out with the selinux people but
> I would like comments. Basically it's quite simple, if selinux is on the
> host we create a fake /selinux which tells the install chroot lies.
> I've had to make some changes to some selinux libraries to support all
> this, but I think we are just about there.
>
> I'll probably backport some of the kernel changes to F9 after they are
> all tested and better settled but for now I'd like input on my livecd
> changes....
My concern is this is a normal occurrence (needing a chroot) that you're
only patching in one place. Do we code this same logic into mock? Into
pungi? Into yum --installroot? Into the documentation for admins on
how to set up a chroot?
(Also, for general use, we need this in a RHEL 5 kernel. Fun!)
Bill
15 years, 6 months
Custom kickstart/spins initial help
by Pedro Silva
Hi all!
I've been playing with livecd tools since f8 and I'm really enjoying all
the stuff that it allows me to do. I use it mostly to build custom live
cds, dvds and usb sticks. I just pick a stock kickstart file that comes
with fedora, add some repos, change locale/keyboard/timezone and
increase the list of packages. Works great! Great way to test rawhide
too.
Recently, I built a kickstart file that creates a livecd that allows me
to use livecd tools. I can boot any machine with this livecd and start
building more images using livecd tools. Hint: If you are trying to use
network storage with livecd tools, forget smb/cifs shares, go for nfs.
My livecd-creator process was crashing hard when I used smb/cifs shares
for --cache and --tmpdir options in livecd-creator. When I switched to
nfs, everything worked ok.
I've also created a fedora account because I would like to contribute to
the livecd/dvd project. I've also uploaded the necessary ssh/pgp keys.
I never used git before, although I know what it is.
I joined this mailing list yesterday and I already saw something I would
like to do. Regarding the email about a Brazilian localized spin of
Fedora, I would like to do the same but for a Portuguese spin.
Can anyone give some initial tips to help me contribute?
Regards,
--
Pedro Silva
15 years, 6 months