Re: [Fedora-livecd-list] ImageCreator "selinux --disable" problem
Warren Togami wrote:
I am trying to reproduce the install behavior of anaconda
--noselinux,
where it installs a chroot without labels. [1] I need this for LTSP due
to SELinux chroot limitations, and Dan Walsh confirms that this is my
best option given these current limitations.
First I discovered places in kickstart.py where it is supposed to be
checking that SELinux-from-kickstart file setting was always returning
true. I believe the attached patch fixes this part, although it could
use some review.
To my dismay it continued to install with labels. I then realized that
creator.py's ImageCreator mount() method unconditionally bind mounted
the system's /selinux directory, which is incorrect if "selinux
--disabled" is defined in the kickstart file.
Perhaps my understanding of python is not advanced, but it appears that
there is no good way to check kickstart's selinux setting from the
mount() method due to the way it is abstracted.
Hmm, I unmounted /selinux in a different way prior to install, and it
still labeled the contents of the chroot unlike anaconda --noselinux. I
will dig into anaconda source tomorrow to see if there is something I am
missing.
Warren