[Fedora-livecd-list] Re: Unnecessary SELinux Failure Condition?

Jay Greguske jgregusk at redhat.com
Fri Sep 25 12:59:39 UTC 2009


Jeremy Katz wrote:
> On Fri, Sep 18, 2009 at 10:26 AM, Jay Greguske <jgregusk at redhat.com> wrote:
>   
>> Daniel J Walsh wrote:
>>     
>>> On 09/11/2009 04:47 PM, Jay Greguske wrote:
>>>       
>>>> While using livecd-creator and poking around the code, I found a check
>>>> that I don't understand the reason for. livecd-creator will bail out if
>>>> the host has SELinux disabled and the kickstart file requests it be
>>>> enabled. Why is that? I would think that if SELinux was disabled but you
>>>> still had the policy available, that would be all you need to build a
>>>> properly labeled image.
>>>>         
> [snip]
>   
>>>> Perhaps the failure condition is no longer necessary?
>>>>
>>>>         
>>> Yes I think that is no longer necessary.  And it should definitely be supported.
>>>
>>>       
>> Attached is a cleaner patch that removes the check and some other
>> unnecessary code (thanks Dan). With this users should be able to build
>> livecd images that have SELinux enabled on an SELinux-disabled host.
>> I've tested this on an F10 system with an F10 and a RHEL 5 kernel. Both
>> kernels I was able to build images with the SELinux enabled and disabled
>> on the host (but always enabled in the kickstart file).
>>     
>
> There have been some problems more recently with the booleans stuff if
> SELinux isn't enabled.  Does that all end up working correctly still?
>
> I'm not fundamentally opposed to the patch; it's just historically
> been something which didn't work.
>
> - Jeremy
>   
I'll look into it. Are there any you have in mind specifically?

- Jay




More information about the livecd mailing list