Hi,
We use python-imgcreate to build OLPC images: http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/base/build.4... and we distribute this to our customers to build their own, customised images too.
Under F17, we aren't able to build images in this way when selinux is enforcing on the host system.
When packages get installed and want to run ldconfig or groupadd, selinux blocks them. audit.log says e.g.:
type=SELINUX_ERR msg=audit(1338332428.453:68272): security_compute_sid: invalid context unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1338332428.453:68272): arch=40000003 syscall=11 success=no exit=-13 a0=994dc48 a1=994c2f8 a2=994bfa0 a3=994c2f8 items=0 ppid=19050 pid=19051 auid=1009 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5527 comm="sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
Is this a known issue?
Thanks, Daniel
On Tue, May 29, 2012 at 7:04 PM, Daniel Drake <dsd@laptop.org> wrote:
> Hi,
> We use python-imgcreate to build OLPC images:
> http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/base/build.4... and we distribute this to our customers to build their own, customised images too.
> Under F17, we aren't able to build images in this way when selinux is enforcing on the host system.
> When packages get installed and want to run ldconfig or groupadd, selinux blocks them. audit.log says e.g.:
> type=SELINUX_ERR msg=audit(1338332428.453:68272): security_compute_sid: invalid context unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=process
> type=SYSCALL msg=audit(1338332428.453:68272): arch=40000003 syscall=11 success=no exit=-13 a0=994dc48 a1=994c2f8 a2=994bfa0 a3=994c2f8 items=0 ppid=19050 pid=19051 auid=1009 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5527 comm="sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
> Is this a known issue?
> Thanks, Daniel
There is this recent thread in the Anaconda list: https://www.redhat.com/archives/anaconda-devel-list/2012-May/msg00315.html
--Fred
livecd@lists.fedoraproject.org
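
The audit.log excerpt in the report pairs a SELINUX_ERR record with the SYSCALL record that shares its audit serial (68272). The following is an added example, not part of the original thread: it correlates such records and reports which domain transition the kernel rejected. The function names (parse, part, failed_transitions) are hypothetical, and the sample input is the two records copied from the message above.

```python
import re

# The two audit records from the report above (one per line here).
SAMPLE = '''type=SELINUX_ERR msg=audit(1338332428.453:68272): security_compute_sid: invalid context unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1338332428.453:68272): arch=40000003 syscall=11 success=no exit=-13 a0=994dc48 a1=994c2f8 a2=994bfa0 a3=994c2f8 items=0 ppid=19050 pid=19051 auid=1009 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5527 comm="sh" exe="/usr/bin/bash" subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
'''

# A record runs until the next "type=... msg=audit(" header or end of input,
# so records that were joined onto one line are still separated correctly.
RECORD = re.compile(
    r"type=(\S+) msg=audit\(\d+\.\d+:(\d+)\): (.*?)"
    r"(?=\s*(?:type=\S+ msg=audit\(|\Z))", re.S)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
INVALID = re.compile(r"invalid context (\S+)")

def parse(text):
    """Group records by audit serial: {serial: {record_type: fields}}."""
    events = {}
    for rtype, serial, body in RECORD.findall(text):
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        bad = INVALID.search(body)
        if bad:
            fields["invalid_context"] = bad.group(1)
        events.setdefault(serial, {})[rtype] = fields
    return events

def part(context, index):
    """Field of user:role:type:level; the MLS level may itself contain ':'."""
    return context.split(":", 3)[index]

def failed_transitions(text):
    """List rejected domain transitions with the syscall that failed."""
    out = []
    for serial, recs in parse(text).items():
        err = recs.get("SELINUX_ERR", {})
        if "invalid_context" not in err:
            continue
        sc = recs.get("SYSCALL", {})
        bad = err["invalid_context"]
        out.append({
            "event": serial,
            "from_domain": part(err["scontext"], 2),
            "entrypoint_type": part(err["tcontext"], 2),
            "rejected_role": part(bad, 1),
            "rejected_type": part(bad, 2),
            "exe": sc.get("exe"),
            "exit": int(sc["exit"]) if "exit" in sc else None,  # -13 = EACCES
        })
    return out
```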