On Tue, May 29, 2012 at 7:04 PM, Daniel Drake <dsd@laptop.org> wrote:
Hi,

We use python-imgcreate to build OLPC images:
http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/base/build.40.imagecreate.py
and we distribute this to our customers to build their own, customised
images too.

Under F17, we aren't able to build images in this way when selinux is
enforcing on the host system.

When packages get installed and want to run ldconfig or groupadd,
selinux blocks them.
audit.log says e.g.:

type=SELINUX_ERR msg=audit(1338332428.453:68272):
security_compute_sid:  invalid context
unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1338332428.453:68272): arch=40000003 syscall=11
success=no exit=-13 a0=994dc48 a1=994c2f8 a2=994bfa0 a3=994c2f8
items=0 ppid=19050 pid=19051 auid=1009 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5527 comm="sh"
exe="/usr/bin/bash"
subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)

Is this a known issue?

Thanks,
Daniel

There is this recent thread in the Anaconda list:
https://www.redhat.com/archives/anaconda-devel-list/2012-May/msg00315.html

      --Fred
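
The audit records quoted in the first message, correlated by event serial, as an added example that is not part of the original thread or of olpc-os-builder. The function names are hypothetical, and the sample input is the two records from the message rejoined onto one line each, since the mail wrapped them.

```python
import re
from collections import defaultdict

# The two audit.log records quoted in the thread, rejoined onto one line each.
SAMPLE = (
    'type=SELINUX_ERR msg=audit(1338332428.453:68272): security_compute_sid:  invalid context unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=process\n'
    'type=SYSCALL msg=audit(1338332428.453:68272): arch=40000003 syscall=11 success=no exit=-13 a0=994dc48 a1=994c2f8 a2=994bfa0 a3=994c2f8 items=0 ppid=19050 pid=19051 auid=1009 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5527 comm="sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)\n'
)

HEADER = re.compile(r'^type=(\S+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)$')
INVALID = re.compile(r'security_compute_sid:\s+invalid context (\S+) for (.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Parse key=value pairs, dropping the quotes around quoted values."""
    return {k: v.strip('"') for k, v in KV.findall(text)}

def split_context(ctx):
    # user:role:type:level, where the MLS level may itself contain ':'
    user, role, type_, level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_, 'level': level}

def failed_transitions(log):
    """Pair each 'invalid context' SELINUX_ERR with the SYSCALL of the same event."""
    events = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            events[m.group(2)][m.group(1)] = m.group(3)
    findings = []
    for serial, recs in events.items():
        m = INVALID.match(recs.get('SELINUX_ERR', ''))
        if not m:
            continue
        kv, sc = fields(m.group(2)), fields(recs.get('SYSCALL', ''))
        findings.append({
            'serial': serial,
            'rejected': split_context(m.group(1)),  # context the kernel computed and refused
            'source_type': split_context(kv['scontext'])['type'],
            'entrypoint_type': split_context(kv['tcontext'])['type'],
            'exe': sc.get('exe'),
            'exit': int(sc['exit']) if 'exit' in sc else None,  # -13 is EACCES
        })
    return findings

if __name__ == "__main__":
    for finding in failed_transitions(SAMPLE):
        print(finding)
```

For the records above this reports one failed transition: `rpm_script_t` executing a file labelled `ldconfig_exec_t`, where the computed context with role `unconfined_r` and type `ldconfig_t` was refused and the exec returned -13.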