On Thu, Oct 22, 2009 at 10:42 PM, Jay Greguske <jgregusk(a)redhat.com> wrote:
Jay Greguske wrote:
> Jeremy Katz wrote:
>
>> On Fri, Sep 25, 2009 at 8:59 AM, Jay Greguske <jgregusk(a)redhat.com> wrote:
>>
>>
>>> Jeremy Katz wrote:
>>>
>>>
>>>> There have been some problems more recently with the booleans stuff if
>>>> SELinux isn't enabled. Does that all end up working correctly
still?
>>>>
>>>>
>>>>
>>> I'll look into it. Are there any you have in mind specifically?
>>>
>>>
>> Dan might remember better than I -- I vaguely remember that a lot of
>> the home directory bits and also some of the xguest stuff requires
>> working booleans
>>
>> - Jeremy
>>
>>
> I installed xguest to a running livecd (desktop ks file) and played with
> two booleans related to it: browser_write_xguest_data, and
> xguest_connect_network. With the former turned off the Guest account
> could not download files from random internet sites, and with the latter
> it couldn't connect at all, so I'd say they were functioning as
> expected. I'm pretty confident SELinux booleans are working correctly
> with these changes. If you have other tests to suggest I'd be happy to
> try them out.
>
> Thanks,
> - Jay
>
> --
> Fedora-livecd-list mailing list
> Fedora-livecd-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-livecd-list
>
>
Is there anything more I can do to scoot these changes along? I don't
want them to fall off radar...
We definitely need this patch - I got few files with unlabeled_t in
the image created with F12 livecd-tools (ovirt-node-image.ks)
I guess setfiles replacing restorecon in your patch is what fixes it.