[Fedora-livecd-list] ImageCreator "selinux --disable" problem
Warren Togami
wtogami at redhat.com
Wed Feb 20 07:50:07 UTC 2008
Warren Togami wrote:
> I am trying to reproduce the install behavior of anaconda --noselinux,
> where it installs a chroot without labels. [1] I need this for LTSP due
> to SELinux chroot limitations, and Dan Walsh confirms that this is my
> best option given these current limitations.
>
> First I discovered places in kickstart.py where it is supposed to be
> checking that SELinux-from-kickstart file setting was always returning
> true. I believe the attached patch fixes this part, although it could
> use some review.
>
> To my dismay it continued to install with labels. I then realized that
> creator.py's ImageCreator mount() method unconditionally bind mounted
> the system's /selinux directory, which is incorrect if "selinux
> --disabled" is defined in the kickstart file.
>
> Perhaps my understanding of python is not advanced, but it appears that
> there is no good way to check kickstart's selinux setting from the
> mount() method due to the way it is abstracted.
>
Hmm, I unmounted /selinux in a different way prior to install, and it
still labeled the contents of the chroot unlike anaconda --noselinux. I
will dig into anaconda source tomorrow to see if there is something I am
missing.
Warren
More information about the livecd
mailing list