On Tue, 2007-08-07 at 16:42 -0500, Douglas McClendon wrote:
This might be the wrong list to be asking this, but out of
curiosity-
Why can't relabeling be done if the host is running with selinux
disabled? (selinux=0)
It's just writing some metadata to the fs right? Seems like it should
be possible.
Because the kernel developers have deemed it unsafe to write out any
security xattrs which aren't understood by the kernel. The fact that
they then get mapped to unlabeled_t doesn't seem to make much
difference. Frankly, I think they're wrong, but lengthy attempts to
convince them in the past have been unsuccessful. Maybe it's worth
tilting at that windmill again. Dunno.
And on a seperate note, I agree that prelinking really ought to be
done
in %post. That's something that a kickstart user might be interested in
doing in the non-livecd case as well, for the same reasons, right?
Yep.
Jeremy