Livecd-creator is disabling selinux

Adam Williamson awilliam at redhat.com
Fri Jan 10 23:35:59 UTC 2014


On Fri, 2014-01-10 at 17:33 -0600, Dennis Gilmore wrote:
> El Fri, 10 Jan 2014 15:26:38 -0800
> Adam Williamson <awilliam at redhat.com> escribió:
> > On Thu, 2014-01-09 at 11:32 +0100, Maros Zatko wrote:
> > > Dear guys and ladies,
> > > So it seems like livecd-creator is silently disabling selinux.
> > > Proof: vim $(which livecd-creator) ; line 150
> > > Fact, that it's re-enabled afterwards doesn't ease silent
> > > disablement of security feature.
> > > 
> > > I'd love to know the reason and if it's possible to do something
> > > about it.
> > 
> > Because live images don't work properly if it's either disabled or
> > enforcing while the image is being generated. Why *that* is I don't
> > know, but before bcl made the livecd-creator script do this, we just
> > had a bit in the livecd-creator instructions which said "you have to
> > run setenforce Permissive before starting to build a live image".
> > 
> > If you try building a live image with SELinux either disabled or
> > enforcing on the build host, you wind up either with a compose that
> > fails, or an image that can't be booted in enforcing mode.
> 
> Adam this is not true, All Offical Fedora images for years were built
> on hosts with selinux disabled. F20 was the first time images were
> built with the host in permissive mode, but then they are built in a
> mock chroot which has selinux disabled in the chroot

Hum, I'm sure back before the script tried to take care of it for you,
I'd had multiple failures with both 'enforcing' and 'disabled'. But if
you say so...
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net



More information about the devel mailing list