SELinux required? was - Re: [Fedora-livecd-list] live fedora 8 cd - login: no shell: Permission denied

ltx at charter.net ltx at charter.net
Tue Feb 5 23:04:10 UTC 2008


Ok, I think I've found a solution, but I don't quite understand it.

It has to do with whether the livecd build system has selinux
enabled.   If it is not enabled on the host and "selinux --disabled" is
set in the kickstart file, then I can't log in at all with the iso
built with the kickstart file below.

If the build system has selinux set to Permissive or Enforcing
then the file below creates an iso that I can log in to without
any problem.

So, is there a way to not require that the build
system have selinux enabled?

Thanks.
Jerry


lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --disabled
firewall --disabled
firstboot --disable
#root password
rootpw myroot
part / --size 1024

repo --name=released --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=i386
repo --name=updates  --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=i386

%packages
@core
bash
kernel
passwd
policycoreutils
chkconfig
authconfig
rootfiles

%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/fedora-live << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.

. /etc/init.d/functions

# add fedora user with no passwd
useradd -c "Jerry" fedora
echo 'password' | passwd --stdin fedora

# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab
EOF

chmod 755 /etc/rc.d/init.d/fedora-live
/sbin/restorecon /etc/rc.d/init.d/fedora-live
/sbin/chkconfig --add fedora-live

echo "Welcome to my world" > /etc/motd

%end


---- Jerry <ltx at charter.net> wrote: 
> 
> Thanks.  I'll give it a try tomorrow. I've had enough for
> today :-)
> 
> Thanks for your help.
> 
> Jerry
> 
> 
> Tim Wood wrote:
> > FWIW... be very careful when doing what I just suggested.  And, just in 
> > case, do the following (just in case).  Open a terminal window.  su (to 
> > root).  make a backup of /etc/password somewhere else.  Leave that 
> > window open.  Open a new terminal window and build your LiveCD.  Then, 
> > if the kickstart causes your system (rather than the livecd's) 
> > /etc/password to be overwritten, you'll still have a root window open 
> > and you _should_ be able to copy back the backup.  At a worst case 
> > scenario, you can boot off of a livecd and restore the backup of 
> > /etc/password.
> > 
> > Tim Wood
> > 
> > 
> > ltx wrote:
> >>
> >> Yeah, I can't seem to find any docs that mention what the
> >> password is.
> >>
> >> I did put the rootpw line in and it does appear that the
> >> log in works since I get the 'Last Login' message and
> >> I get the message from /etc/motd, but then it complains
> >> that there is 'no shell: Permission denied'
> >>
> >> Jerry
> >>
> >> Tim Wood wrote:
> >>> Good question that I don't have the answer to.  Since I always 
> >>> forget, I started overriding it by adding this to the kickstart:
> >>>
> >>> # Set root password
> >>> rootpw iamroot
> >>>
> >>> If it's not a space issue, modify /etc/inittab during post and change 
> >>> the runlevel from 5 to 3.  If /etc/inittab doesn't make sense to you, 
> >>> post again and I'll copy and paste the particular line.
> >>>
> >>> Tim
> >>>
> >>>
> >>>
> >>> ltx wrote:
> >>>>
> >>>> Hi Tim,
> >>>>
> >>>> Thanks for the quick reply.  I was hoping to avoid all the
> >>>> graphics since this is more for utility work and will be
> >>>> booted often.
> >>>>
> >>>> Even if I went to the KDE desktop kickstart file what would
> >>>> the root password be?
> >>>>
> >>>> Thanks.
> >>>> Jerry
> >>>>
> >>>> Tim Wood wrote:
> >>>>> One 'feature' of the minimal is that login is disabled.  The kde 
> >>>>> desktop is a good starter.
> >>>>>
> >>>>> Tim Wood
> >>>>>
> >>>>>
> >>>>> ltx wrote:
> >>>>>>
> >>>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> I'm trying to build a basic Fedora 8 livecd to use as
> >>>>>> a vehicle to flash a card I am working on.  The flash
> >>>>>> utility works from linux running from the hard drive
> >>>>>> so that is not a concern at the moment.
> >>>>>>
> >>>>>> My problem - I can't log in!  The iso builds fine with
> >>>>>> command;
> >>>>>>
> >>>>>> livecd-creator --config=./livecd-fedora-minimal.ks --fslabel=Fedora8
> >>>>>>
> >>>>>> When I boot from it, or use qemu to test, I can't log into root
> >>>>>> or another id that I create in the kickstart file. I followed
> >>>>>> the instructions at 
> >>>>>> http://fedoraproject.org/wiki/FedoraLiveCD/LiveCDHowTo
> >>>>>> which are great, but they even point out that the 
> >>>>>> livecd-fedora-minimal.ks
> >>>>>> kickstart file found in /usr/share/livecd-tools will not let you 
> >>>>>> log in.
> >>>>>> (unless you go to all full desktop environment - which I don't 
> >>>>>> need/want)
> >>>>>>
> >>>>>> I noticed that the minimal kickstart file disabled the root id,
> >>>>>> so I removed that and scoured the net and found that kickstart 
> >>>>>> command
> >>>>>> rootpw allows you to set the root password.   That gave me some
> >>>>>> progress.   Now when I try to log in to root I get these messages;
> >>>>>>
> >>>>>> Last login: time date...
> >>>>>> Welcome to my world           (this is what I put in /etc/motd)
> >>>>>> login: no shell: Permission denied.
> >>>>>>
> >>>>>> So, several questions:
> >>>>>>
> >>>>>> 1 - What is wrong with my kickstart file (below) that prevents
> >>>>>>     me from logging in?
> >>>>>>
> >>>>>> 2 - Are there any collections of kickstart files available (other than
> >>>>>>     those that come with the livecd-tools packages)?
> >>>>>>
> >>>>>> 3 - Where can I find the kickstart file options documented?
> >>>>>>
> >>>>>> Oh, my build environment is Fedora 8 (x86_64) with all the latest
> >>>>>> updates.  I point to the x86 mirrors so I can use the CD on older
> >>>>>> machines.
> >>>>>>
> >>>>>> I'd appreciate any help you can offer.
> >>>>>>
> >>>>>> Thanks.
> >>>>>> Jerry
> >>>>>>
> >>>>>>
> >>>>>> lang en_US.UTF-8
> >>>>>> keyboard us
> >>>>>> timezone US/Eastern
> >>>>>> #auth --useshadow --enablemd5
> >>>>>> selinux --disabled
> >>>>>> firewall --disabled
> >>>>>> firstboot --disable
> >>>>>> #root password
> >>>>>> rootpw emulex
> >>>>>> part / --size 1024
> >>>>>>
> >>>>>> repo --name=released --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-8&arch=i386
> >>>>>> repo --name=updates  --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f8&arch=i386
> >>>>>>
> >>>>>>
> >>>>>> %packages
> >>>>>> @core
> >>>>>> bash
> >>>>>> kernel
> >>>>>> passwd
> >>>>>> policycoreutils
> >>>>>> chkconfig
> >>>>>> authconfig
> >>>>>> rootfiles
> >>>>>>
> >>>>>> %post
> >>>>>> # FIXME: it'd be better to get this installed from a package
> >>>>>> cat > /etc/rc.d/init.d/fedora-live << EOF
> >>>>>> #!/bin/bash
> >>>>>> #
> >>>>>> # live: Init script for live image
> >>>>>> #
> >>>>>> # chkconfig: 345 00 99
> >>>>>> # description: Init script for live image.
> >>>>>>
> >>>>>> . /etc/init.d/functions
> >>>>>>
> >>>>>> if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-configured ] ; then
> >>>>>>     exit 0
> >>>>>> fi
> >>>>>>
> >>>>>> exists() {
> >>>>>>     which \$1 >/dev/null 2>&1 || return
> >>>>>>     \$*
> >>>>>> }
> >>>>>>
> >>>>>> touch /.liveimg-configured
> >>>>>>
> >>>>>> # mount live image
> >>>>>> if [ -b /dev/live ]; then
> >>>>>>    mkdir -p /mnt/live
> >>>>>>    mount -o ro /dev/live /mnt/live
> >>>>>> fi
> >>>>>>
> >>>>>> # add a user
> >>>>>> useradd -c "Jerry" jerry
> >>>>>> echo 'password' | passwd --stdin jerry
> >>>>>>
> >>>>>> # read some variables out of /proc/cmdline
> >>>>>> for o in \`cat /proc/cmdline\` ; do
> >>>>>>     case \$o in
> >>>>>>     ks=*)
> >>>>>>         ks="\${o#ks=}"
> >>>>>>         ;;
> >>>>>>     xdriver=*)
> >>>>>>         xdriver="--set-driver=\${o#xdriver=}"
> >>>>>>         ;;
> >>>>>>     esac
> >>>>>> done
> >>>>>>
> >>>>>> # Stopgap fix for RH #217966; should be fixed in HAL instead
> >>>>>> touch /media/.hal-mtab
> >>>>>> EOF
> >>>>>>
> >>>>>> chmod 755 /etc/rc.d/init.d/fedora-live
> >>>>>> #/sbin/restorecon /etc/rc.d/init.d/fedora-live
> >>>>>> /sbin/chkconfig --add fedora-live
> >>>>>>
> >>>>>> echo "Welcome to my world" > /etc/motd
> >>>>>>
> >>>>>> %end
> >>>>>>
> >>>>>>
> >>>>>> -- 
> >>>>>> Fedora-livecd-list mailing list
> >>>>>> Fedora-livecd-list at redhat.com
> >>>>>> https://www.redhat.com/mailman/listinfo/fedora-livecd-list
> >>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>
> >>>
> >>
> > 
> > 
> 

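A pre-build check for the combination described at the top of this message, added here as an example (it is not part of the original post or of livecd-tools): it reads the selinux command from a kickstart file and compares it with the build host's state as printed by getenforce. The function names and the sample kickstart are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample kickstart are constructed.

# Print the SELinux mode set in the kickstart command section
# (everything before the first %section): disabled, permissive,
# enforcing, or "unset" when no selinux command is present.
ks_selinux_mode() {
    awk '
        /^%/ { exit }                      # %packages, %post, ... end the command section
        $1 == "selinux" {                  # "#selinux" (commented out) does not match
            for (i = 2; i <= NF; i++)
                if ($i ~ /^--(disabled|permissive|enforcing)$/)
                    mode = substr($i, 3)   # last occurrence wins
        }
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

# Build host state as printed by getenforce: Enforcing, Permissive or Disabled.
host_selinux_state() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo Unknown; fi
}

# preflight KICKSTART [HOST_STATE]
# Returns 1 for the combination this post reports as producing an image
# that cannot be logged in to; HOST_STATE defaults to the live host state.
preflight() {
    ks_mode=$(ks_selinux_mode "$1")
    host=${2:-$(host_selinux_state)}
    echo "build host: $host, kickstart selinux: $ks_mode"
    if [ "$host" = "Disabled" ] && [ "$ks_mode" = "disabled" ]; then
        echo "warning: host SELinux disabled and kickstart has selinux --disabled:" \
             "reported here to end in login: no shell: Permission denied" >&2
        return 1
    fi
    return 0
}

# Constructed sample: part of the command section of the kickstart in this post.
sample_ks=$(mktemp)
cat > "$sample_ks" <<'EOF'
lang en_US.UTF-8
selinux --disabled
firewall --disabled
%packages
@core
EOF
preflight "$sample_ks" Disabled   || echo "-> combination reported to fail"
preflight "$sample_ks" Permissive && echo "-> combination reported to work"
rm -f "$sample_ks"
```

Run preflight with only the kickstart path to test against the actual build host before calling livecd-creator.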


