Dracut nfs module needs it. --- share/runtime-install.tmpl | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/share/runtime-install.tmpl b/share/runtime-install.tmpl index 4916b4e..d15aaf2 100644 --- a/share/runtime-install.tmpl +++ b/share/runtime-install.tmpl @@ -38,6 +38,9 @@ installpkg kernel ## extra dracut modules installpkg dracut-network anaconda-dracut
+## rpcbind or portmap needed by dracut nfs module +installpkg rpcbind + ## required for dracut installpkg kbd kbd-misc ## required for anaconda-dracut (img-lib etc.)
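Review bot: The comment added under "## extra dracut modules" says "rpcbind or portmap", but the line below it installs only rpcbind. Either drop "or portmap" from the comment or state when portmap would be installed instead, so the template does not suggest a fallback that is not there.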
Selinux causes problems for rpm scriptlets in the installroot. --- src/pylorax/__init__.py | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py index 64924ce..44598d5 100644 --- a/src/pylorax/__init__.py +++ b/src/pylorax/__init__.py @@ -35,6 +35,7 @@ import os import ConfigParser import tempfile import locale +import subprocess
from base import BaseLoraxClass, DataHolder import output @@ -160,6 +161,17 @@ class Lorax(BaseLoraxClass): logger.critical("no root privileges") sys.exit(1)
+ # is selinux disabled? + logger.info("checking the selinux mode") + try: + seoutput = subprocess.check_output("/sbin/getenforce").strip() + except subprocess.CalledProcessError: + logger.error("could not get the selinux mode") + else: + if seoutput == "Enforcing": + logger.critical("selinux must be disabled or in Permissive mode") + sys.exit(1) + # do we have a proper yum base object? logger.info("checking yum base object") if not isinstance(ybo, yum.YumBase):
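Review bot: The except clause in the new selinux check only handles subprocess.CalledProcessError, so a missing /sbin/getenforce raises OSError out of the check as an unhandled traceback, and a non-zero exit only logs "could not get the selinux mode" before the run continues with the mode unknown. Catch OSError as well and decide explicitly whether an unknown mode should stop the run. The "# is selinux disabled?" comment also does not match the test, which lets Permissive through too, and it should record why Enforcing is rejected (the commit message gives rpm scriptlets in the installroot as the reason).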
On Tue, 2012-05-29 at 11:02 +0200, Martin Gracik wrote:
> Selinux causes problems for rpm scriptlets in the installroot.
You could use the selinux module instead:
    import selinux
    if selinux.security_getenforce():
        ...
There's also selinux.security_setenforce(), if you want to turn it off..
Also, could you make a note (in a comment in the code) about *why* we need to turn off SELinux (i.e. what goes wrong when it's left on), so we can work on fixing that later?
-w
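The check suggested in the reply above, written out as an added example (not code from the thread or from lorax). The function names `selinux_mode` and `preflight` and the injectable `sel` parameter are assumptions of this example; `is_selinux_enabled()` is called first because `security_getenforce()` fails when SELinux is not enabled.

```python
import sys


def selinux_mode(sel=None):
    """Return 'enforcing', 'permissive', 'disabled' or 'unknown'.

    `sel` is the selinux module or a stand-in offering the same two calls.
    Passing it in is an assumption of this example, so the logic can be
    exercised on a machine without the bindings installed.
    """
    if sel is None:
        try:
            import selinux as sel
        except ImportError:
            return "unknown"
    try:
        # security_getenforce() errors out when SELinux is not enabled,
        # so ask whether it is enabled before asking for the mode.
        if not sel.is_selinux_enabled():
            return "disabled"
        return "enforcing" if sel.security_getenforce() == 1 else "permissive"
    except OSError:
        return "unknown"


def preflight(sel=None, log=sys.stderr):
    """Return True when the run may continue, False when it must stop."""
    mode = selinux_mode(sel)
    if mode == "enforcing":
        # Reason as given in the patch description.
        log.write("selinux must be disabled or in Permissive mode: "
                  "it causes problems for rpm scriptlets in the installroot\n")
        return False
    if mode == "unknown":
        # Same behaviour as the posted patch: report the failure and continue.
        log.write("could not get the selinux mode\n")
    return True


if __name__ == "__main__":
    sys.exit(0 if preflight() else 1)
```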
----- Original Message -----
> On Tue, 2012-05-29 at 11:02 +0200, Martin Gracik wrote:
>> Selinux causes problems for rpm scriptlets in the installroot.
> You could use the selinux module instead:
I was looking at this, I tried selinux_getenforcemode() and it didn't work. I must have overlooked the security_getenforce() method. Thanks.
>     import selinux
>     if selinux.security_getenforce():
>         ...
> There's also selinux.security_setenforce(), if you want to turn it off..
I don't want to turn off anything in lorax. User should be aware he needs to turn it off.
> Also, could you make a note (in a comment in the code) about *why* we need to turn off SELinux (i.e. what goes wrong when it's left on), so we can work on fixing that later?
I don't think we can fix it. Selinux just does not behave very well in chroots. And I put in the comment "Selinux causes problems for rpm scriptlets in the installroot.". Not enough? :)
> -w
Anaconda-devel-list mailing list Anaconda-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/anaconda-devel-list
On Fri, 2012-06-01 at 02:36 -0400, Martin Gracik wrote:
>> Also, could you make a note (in a comment in the code) about *why* we need to turn off SELinux (i.e. what goes wrong when it's left on), so we can work on fixing that later?
> I don't think we can fix it. Selinux just does not behave very well in chroots. And I put in the comment "Selinux causes problems for rpm scriptlets in the installroot.". Not enough? :)
It'd be good to have a note that explained what exactly goes wrong if SELinux is in enforcing, so:
a) we can recognize the problem if/when it happens again, and
b) we can try to actually fix it (or at least work around it better) in the future.
Right now when I try to talk to the SELinux guys about it, they ask: well, what goes wrong when you try it? And I.. don't remember.
-w