[Fedora-livecd-list] F17 imgcreate SELinux failures
Frederick Grose
fgrose at gmail.com
Fri Jun 1 16:53:41 UTC 2012
On Tue, May 29, 2012 at 7:04 PM, Daniel Drake <dsd at laptop.org> wrote:
> Hi,
>
> We use python-imgcreate to build OLPC images:
>
> http://dev.laptop.org/git/projects/olpc-os-builder/tree/modules/base/build.40.imagecreate.py
> and we distribute this to our customers to build their own, customised
> images too.
>
> Under F17, we aren't able to build images in this way when selinux is
> enforcing on the host system.
>
> When packages get installed and want to run ldconfig or groupadd,
> selinux blocks them.
> audit.log says e.g.:
>
> type=SELINUX_ERR msg=audit(1338332428.453:68272):
> security_compute_sid: invalid context
> unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=process
> type=SYSCALL msg=audit(1338332428.453:68272): arch=40000003 syscall=11
> success=no exit=-13 a0=994dc48 a1=994c2f8 a2=994bfa0 a3=994c2f8
> items=0 ppid=19050 pid=19051 auid=1009 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=5527 comm="sh"
> exe="/usr/bin/bash"
> subj=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023 key=(null)
>
> Is this a known issue?
>
> Thanks,
> Daniel
>
There is this recent thread in the Anaconda list:
https://www.redhat.com/archives/anaconda-devel-list/2012-May/msg00315.html
--Fred
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/livecd/attachments/20120601/93191847/attachment.html>
More information about the livecd
mailing list