> Actually, I did execute restorecon on a non-SELinux running image (see
> previous posts on this very thread) and it worked pretty damn well!
>
> It works without me doing anything in particular - just executing
> restorecon and semodule in the %post section of the kickstart file - no
> problem!
>
rpm -q -f `which restorecon`
grep selinuxfs /proc/filesystems
restorecon checks is_selinux_enabled() and bails if it is not
successful. Just tested it again on F13, and it has been true for a
very long time.
Let me make sure we are on the same page - the SELinux on the system I
am running to build the image is enabled (in enforced mode) and running
the targeted policy.
The commands I am executing (semodule, semanage, restorecon etc) are run
in the %post section of my kickstart file (the file, which is executed
and used to build that image) - these commands are basically executed in
chroot-ed environment (on the image file) just after it has been created
and all software, including SELinux + targeted policy, is installed (the
SELinux there is enabled and ready for using the targeted policy, but it
is NOT running as nothing is loaded - it is just an image with about
200+MB worth of files in it).
All of the above SELinux commands run successfully without any problem
whatsoever.
I have verified that and I am 100% certain they are doing the job they
are supposed to be doing on the image file (with the 'dead' SELinux
system). So, if you are thinking that is not possible, you are quite
simply wrong, because it is clear to me that is not the case - I saw
this with my own eyes!
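
Added example, not part of any message in this thread: a shell diagnostic that reports what a process rooted at a given directory (the host `/` or the chroot used in %post) can see of the kernel's SELinux state, following the `grep selinuxfs /proc/filesystems` check quoted above. The function names and result strings are hypothetical, and treating "selinuxfs registered and mounted" as the enabled test is an assumption made here, not libselinux's code.

```shell
#!/bin/sh
# Report the SELinux kernel state visible from a given root directory.
# ROOT is "/" on the build host, or the image tree a %post script is chrooted into.
# Assumption: "enabled" is approximated as selinuxfs being registered AND mounted.

selinuxfs_registered() {
    # $1 = file in /proc/filesystems format ("nodev<TAB>name" or "<TAB>name")
    [ -r "$1" ] && awk '$NF == "selinuxfs" { found = 1 } END { exit !found }' "$1"
}

selinuxfs_mountpoint() {
    # $1 = file in /proc/mounts format; prints the first selinuxfs mount point
    [ -r "$1" ] || return 1
    awk '$3 == "selinuxfs" { print $2; found = 1; exit } END { exit !found }' "$1"
}

selinux_view() {
    # $1 = root directory to inspect. Prints exactly one of:
    #   no-proc            /proc is not mounted under this root
    #   no-kernel-support  kernel has no selinuxfs registered
    #   not-mounted        selinuxfs registered but not mounted in this view
    #   visible:<path>     selinuxfs registered and mounted at <path>
    root=${1%/}
    if [ ! -r "$root/proc/filesystems" ]; then
        echo "no-proc"
        return 0
    fi
    if ! selinuxfs_registered "$root/proc/filesystems"; then
        echo "no-kernel-support"
        return 0
    fi
    if mp=$(selinuxfs_mountpoint "$root/proc/mounts"); then
        echo "visible:$mp"
    else
        echo "not-mounted"
    fi
}

# Stand-alone use: inspect the root given as the first argument (default "/").
selinux_view "${1:-/}"
```

Running it once on the build host and once from inside the kickstart %post shows whether the two environments present the same view to tools that test for SELinux before acting.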