-----Original Message-----
From: fedora-livecd-list-bounces(a)redhat.com on behalf of Peter Scheie
Sent: Tue 9/1/2009 4:12 PM
To: fedora-livecd-list(a)redhat.com
Subject: Re: [Fedora-livecd-list] selinux set to permissive in kickstart,but ISO says
it's in enforcing mode
On Tue, 2009-09-01 at 17:02 -0400, Patrice Guay wrote:
Peter Scheie wrote:
> I'm trying to build a Centos livecd that will mostly call anaconda with
> a kickstart file on an http server. I modified the
> centos-livecd-minimal.ks file, first adding system-config-network-tui to
> the %packages section to get networking, and the resulting ISO worked
> fine. Next I added anaconda to the %packages section. But the
> resulting ISO kernel panics saying "Unable to load SELinux Policy.
> Machine is in enforcing mode." I don't really need selinux for my
> purposes, so I changed the selinux setting in the ks file to
> --permissive, but I still get the same panic. Any ideas as to why the
> permissive setting isn't being picked up? Or what about adding anaconda
> (which admittedly adds a bunch of other packages) made it stop loading
> the policy file? Thanks.
>
> Peter
What is the current SELinux policy on the machine used to build the
LiveCD? As stated in the CentOS LiveCD documentation, "the build host
should have SELinux in permissive mode. Edit /etc/sysconfig/selinux and
restart the computer to enforce this policy."
--
SELINUX is already set to permissive, and SELINUXTYPE is set to targeted
in /etc/sysconfig/selinux. That's the first thing I checked, but it was
already set correctly.
Peter
----
I tested this on my home machine last night and got the same result. At home,
the host system where I build the livecd is also a Centos 5 VM running on VirtualBox
on top of Ubuntu. In the Centos's /etc/sysconfig/selinux, SELINUX was set to
disabled;
it was also set to disabled in the kickstart file used with livecd-creator. For
the record, I did a yum update before running livecd-creator. So, it appears
something in the anaconda package somehow changes the selinux setting. Any
ideas of how to fix that?
Peter