On Thu, 2008-05-15 at 13:50 -0400, Eric Paris wrote:
So I'm still stumbling along in the dark trying to get
livecd-creator to
build me a nice new F10 image inside an F10 host. I've actually got an
image that built and runs, but not without its issues.
my kickstart file has:
auth --enableshadow --enablemd5
rootpw redhat
but the livecd always has x for the password in /etc/password and * for
the password in /etc/shadow. No ideas here I must admit. I'm highly
doubtful its selinux since it happens in permissive and enforcing. I
have just been booting into single user, calling passwd, init 3, and
logging in to play around in my live image....
No ideas here - hopefully the livecd folks can help you with that one.
3 errors/issues/quirks in building/running my livecd
1) libsemanage.dbase_llist_query: could not query record value
I'm told empty table, but I don't know what that means
Looking at selinux-policy.spec, I see that it runs semanage login -l and
semanage user -l in its scriptlets. If it does that and there are no
user or login entries defined yet, then you'd get that error I think.
Not sure if that means that something went wrong earlier or if it is
normal/legitimate. Dan?
2) /usr/sbin/semanage: Invalid prefix user
This pops out when semanage calls:
if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) !=
0:
I assume this has to do with my bastardized /selinux inside the chroot.
Should we just make it != 0 && != -ENOENT or whatever the error is we
get there?
That should work, and this check should really be replaced by a new
libsemanage interface that checks against the target policy rather than
the host policy, like the mls enabled test.
3) When booting I get 3 messages that say:
inode_doinit_with_dentry: no dentry for dev=dm-0 ino=8345
The 3 inodes in question correspond to
/etc/udev
/etc/udev/rules.d
/etc/udev/rules.d/50-udev-default.rules
Happens when SELinux is setting up pre-existing inodes upon initial
policy load and it cannot find a dentry for the inode and thus cannot
invoke the ->getxattr method on it. Likely harmless. When/if the
files are subsequently looked up, the inodes should get set up at that
time upon the d_instantiate/d_splice_alias.
no clues where this is coming from. I don't see it when I booted
my
host system....
Anyway, at this point I want clues/help/suggestions on how to create my
hacked up /selinux inside the chroot. Right now all I'm going is
creating it on the host system and bind mounting it into the chroot. I
really should be creating this inside creator.py. All that needs to be
inside it is 3 files. copies of mls and policyvers from the host
system and load is a chrfile of /dev/null. I could just create those in
the livecd image and they will get mounted on top of when its running,
but I don't want to waste the 50 bytes or whatever it would take. Any
good suggests on how to build this temp? Or where I could clean it out
later?
-Eric
--
Stephen Smalley
National Security Agency