[fedora-arm] selinux issue on new images

Wed Oct 17 06:36:09 UTC 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El Wed, 17 Oct 2012 00:14:24 -0500
"David A. Marlin" <dmarlin at redhat.com> escribió:
> 
> I've been building test images for ARM systems and have hit an issue.
> 
> I created an image for Trim Slice today, and it failed to let me log 
> in.  The error was:
> 
>     -- root: no shell: Permission denied
> 
> I checked and the image had:
> 
>     SELINUX=enforcing
>     SELINUXTYPE=targeted
> 
> This surprised me because in the kickstart I explicitly select:
> 
>     selinux --permissive
> 
> and in the anaconda program log I see:
> 
>     INFO program: Running... /usr/sbin/lokkit --selinux=permissive
> 
> but on the final image selinux is set to enforcing.  I don't know
> what is changing the setting.
> 
> Oddly enough, images I created last week did not exhibit this
> behavior. The final image had:
> 
>     SELINUX=permissive
>     SELINUXTYPE=targeted
> 
> just as the kickstart file specified.
> 
> I assume that some package has changed in the F18 development repos 
> since last week to cause this, but I have no idea which package.
> 
> Does anyone have suggestions for tracking down this issue?
> 
> Note: If I force a 'relabel' on the root file system and reboot, the 
> login works even with SELinux set to enforcing, but that does not 
> explain why the settings in the kickstart are not being honored.

Fedora images are to have selinux enforcing. thats what really should
be tested. likely its anaconda thats setting it to enforcing.

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlB+Ud8ACgkQkSxm47BaWfe4QwCfe52ZdNyJr4OaKCoO7HOxav+t
RYYAoIeP1fOtROkPyUg3EBa+5mAABvkD
=jny+
-----END PGP SIGNATURE-----