[Fedora-livecd-list] selinux set to permissive in kickstart, but ISO says it's in enforcing mode
Peter Scheie
Peter.Scheie at visionshareinc.com
Wed Sep 2 11:07:40 UTC 2009
-----Original Message-----
From: fedora-livecd-list-bounces at redhat.com on behalf of Peter Scheie
Sent: Tue 9/1/2009 4:12 PM
To: fedora-livecd-list at redhat.com
Subject: Re: [Fedora-livecd-list] selinux set to permissive in kickstart,but ISO says it's in enforcing mode
On Tue, 2009-09-01 at 17:02 -0400, Patrice Guay wrote:
> Peter Scheie wrote:
> > I'm trying to build a Centos livecd that will mostly call anaconda with
> > a kickstart file on an http server. I modified the
> > centos-livecd-minimal.ks file, first adding system-config-network-tui to
> > the %packages section to get networking, and the resulting ISO worked
> > fine. Next I added anaconda to the %packages section. But the
> > resulting ISO kernel panics saying "Unable to load SELinux Policy.
> > Machine is in enforcing mode." I don't really need selinux for my
> > purposes, so I changed the selinux setting in the ks file to
> > --permissive, but I still get the same panic. Any ideas as to why the
> > permissive setting isn't being picked up? Or what about adding anaconda
> > (which admittedly adds a bunch of other packages) made it stop loading
> > the policy file? Thanks.
> >
> > Peter
>
> What is the current SELinux policy on the machine used to build the
> LiveCD? As stated in the CentOS LiveCD documentation, "the build host
> should have SELinux in permissive mode. Edit /etc/sysconfig/selinux and
> restart the computer to enforce this policy."
>
> --
SELINUX is already set to permissive, and SELINUXTYPE is set to targeted
in /etc/sysconfig/selinux. That's the first thing I checked, but it was
already set correctly.
Peter
----
I tested this on my home machine last night and got the same result. At home,
the host system where I build the livecd is also a Centos 5 VM running on VirtualBox
on top of Ubuntu. In the Centos's /etc/sysconfig/selinux, SELINUX was set to disabled;
it was also set to disabled in the kickstart file used with livecd-creator. For
the record, I did a yum update before running livecd-creator. So, it appears
something in the anaconda package somehow changes the selinux setting. Any
ideas of how to fix that?
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4164 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/livecd/attachments/20090902/04d68d6a/attachment.bin
More information about the livecd
mailing list