livecd-creator + selinux

Eric Paris eparis at redhat.com
Thu May 15 17:50:08 UTC 2008


So I'm still stumbling along in the dark trying to get livecd-creator to
build me a nice new F10 image inside an F10 host.  I've actually got an
image that built and runs, but not without its issues.

my kickstart file has:
auth --enableshadow --enablemd5
rootpw redhat

but the livecd always has x for the password in /etc/password and * for
the password in /etc/shadow.  No ideas here I must admit.  I'm highly
doubtful it's selinux since it happens in permissive and enforcing.  I
have just been booting into single user, calling passwd, init 3, and
logging in to play around in my live image....


3 errors/issues/quirks in building/running my livecd

1) libsemanage.dbase_llist_query: could not query record value
I'm told empty table, but I don't know what that means

2) /usr/sbin/semanage: Invalid prefix user
This pops out when semanage calls:
if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
I assume this has to do with my bastardized /selinux inside the chroot.
Should we just make it != 0 && != -ENOENT or whatever the error is we
get there?

3) When booting I get 3 messages that say:
inode_doinit_with_dentry:  no dentry for dev=dm-0 ino=8345
The 3 inodes in question correspond to
/etc/udev
/etc/udev/rules.d
/etc/udev/rules.d/50-udev-default.rules

no clues where this is coming from.  I don't see it when I booted my
host system....



Anyway, at this point I want clues/help/suggestions on how to create my
hacked up /selinux inside the chroot.  Right now all I'm doing is
creating it on the host system and bind mounting it into the chroot.  I
really should be creating this inside creator.py.  All that needs to be
inside it is 3 files.  Copies of mls and policyvers from the host
system and load is a chrfile of /dev/null.  I could just create those in
the livecd image and they will get mounted on top of when it's running,
but I don't want to waste the 50 bytes or whatever it would take.  Any
good suggestions on how to build this temp?  Or where I could clean it out
later?

-Eric
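
The fake /selinux layout described in the message above (copies of mls and policyvers plus a load node that behaves like /dev/null), sketched in Python as an added example; it is not code from the post or from livecd-creator. The function names, the temp-dir prefix and the injectable mknod parameter are assumptions made for illustration.

```python
import contextlib
import os
import shutil
import stat
import tempfile

# /dev/null is character device major 1, minor 3 on Linux.
NULL_DEV = os.makedev(1, 3)


def populate_fake_selinuxfs(target, host_selinuxfs="/selinux", mknod=os.mknod):
    """Create the three entries the message lists under `target`.

    mls and policyvers are copied from the host's selinuxfs; load is a
    character device equivalent to /dev/null, so writes to it are discarded.
    """
    os.makedirs(target, mode=0o755, exist_ok=True)
    for name in ("mls", "policyvers"):
        # selinuxfs entries are tiny pseudo-files: read the bytes, rewrite them.
        with open(os.path.join(host_selinuxfs, name), "rb") as src:
            data = src.read()
        dst_path = os.path.join(target, name)
        with open(dst_path, "wb") as dst:
            dst.write(data)
        os.chmod(dst_path, 0o444)
    # Creating a device node needs CAP_MKNOD (root). The mknod parameter is a
    # hypothetical hook so the layout can be dry-run without privileges.
    mknod(os.path.join(target, "load"), stat.S_IFCHR | 0o666, NULL_DEV)
    return target


@contextlib.contextmanager
def fake_selinuxfs(host_selinuxfs="/selinux", mknod=os.mknod):
    """Yield a temp dir to bind-mount at <chroot>/selinux; delete it on exit.

    The caller must unmount the bind mount before leaving the with-block,
    otherwise the cleanup cannot remove the directory.
    """
    tmp = tempfile.mkdtemp(prefix="fake-selinuxfs-")
    try:
        populate_fake_selinuxfs(tmp, host_selinuxfs, mknod)
        yield tmp
    finally:
        shutil.rmtree(tmp, ignore_errors=True)
```

Building the directory under a temp path on the host keeps the three files out of the image itself, and the context manager gives one place to clean it up once the chroot work is finished.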



