[RFC] -v2 livecd running and selinux enforcing

Jeremy Katz katzj at redhat.com
Fri Jun 6 02:08:39 UTC 2008


This looks good.  Just a couple of (minor) tweaks/questions

* Doesn't want to apply cleanly to current tip of git.  Should be
straight-forward to fix, if you don't have the time, I can
* Any chance of splitting it into two chunks (one for the main bit, a
second for the "selinux --enforcing request, but no lokkit in the
package list)?  Again, I can if not

On Thu, 2008-06-05 at 17:35 -0400, Eric Paris wrote:
> Still ongoing selinux policy and toolchain work in this area is needed
> and I should do more testing on a host machine with selinux disabled but
> this is the livecd patch I've got working as of today.  I think that I
> want to make my print >> sys.stderr message actually be fatal.  The
> reason for this is because setting selinux --disabled in the kickstart
> and not having /usr/sbin/lokkit results in an enabled livecd which
> doesn't work...   No reason to just print a message and not stop the
> work if we know for sure the results are useless...

Sure, and it's early enough to be reasonable.  Just switch the print to
raise CreatorError and things will get torn down correctly too

> This patch also has the f.close() fix that I sent yesterday, so it might
> not apply if you already applied that one...

Yeah, I pushed it right after you sent it


In any case, I can fix those little things up tomorrow if you want to
move on to something else and just get this committed, pushed and the
relevant bug closed.  And then we can hopefully get some more testing
than just the two of us

Jeremy




More information about the selinux mailing list