selinux and kickstart

Moray Henderson (ICT) Moray.Henderson at ict.om.org
Tue Jun 1 12:19:53 UTC 2010 

Xavier Toth wrote:
>Sent: 30 May 2010 21:46
>To: irfan irfan
>Cc: selinux at lists.fedoraproject.org
>Subject: Re: selinux and kickstart
>
>On Sun, May 30, 2010 at 2:08 AM, irfan irfan <irfan_area47 at yahoo.co.id>
>wrote:
>> xguest still cannot install in kickstart process with error like this
>> Error in PREIN scriptlet in rpm package xguest-1.0.8-3.fc12.noarch
>> error:%pre(xguest-1.0.8-3.fc12.noarch) scriptlet failed,exit status 1
>>
>>
>>
>> ________________________________
>> From: Dominick Grift <domg472 at gmail.com>
>> To: selinux at lists.fedoraproject.org
>> Sent: Sun, May 30, 2010 3:54:20 AM
>> Subject: Re: selinux and kickstart
>>
>> On Sat, May 29, 2010 at 11:07:21PM +0800, irfan irfan wrote:
>>> Somebody can help me, how to install xguest with kickstart file. in
the
>>> log file semanage can`t run in kickstart process. Is selinux disable
on
>>> kickstart process ?
>>> Thanks before
>>
>> I am not sure but can you not just "useradd -Z xguest_u liveuser" and
>"yum
>> install xguest"?
>>>
>>>
>>>
>>>
>>
>>> --
>>> selinux mailing list
>>> selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>>
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>
>I think the issue is that SELinux is install but isn't really running
>yet. We have packages that install policy and do semanage stuff and we
>install them in a %post (without the --nochroot) after a reboot.
>
>Ted
>--
>selinux mailing list
>selinux at lists.fedoraproject.org
>https://admin.fedoraproject.org/mailman/listinfo/selinux


SELinux is installed and running during kickstart - but it is not the
_same_ SELinux that appears on your live system.  If a particular policy
module is required to install a package, that policy module must be
present in the anaconda boot image to make it available during
kickstart.  You may have to start fiddling with anaconda's buildinstall
scripts, or Fedora's pungi tool, to get the policy module you need
running during kickstart.


Moray.
"To err is human.  To purr, feline"

More information about the selinux mailing list