Daniel J Walsh wrote:
> On 09/11/2009 04:47 PM, Jay Greguske wrote:
>> While using livecd-creator and poking around the code, I found a check
>> that I don't understand the reason for. livecd-creator will bail out if
>> the host has SELinux disabled and the kickstart file requests it be
>> enabled. Why is that? I would think that if SELinux was disabled but you
>> still had the policy available, that would be all you need to build a
>> properly labeled image.
>> Out of curiosity I made changes to the code just to see what would
>> happen. I attached them to this mail for reference, NOT as proposed
>> changes to be applied to the livecd-tools code. On an F10 system with
>> SELinux disabled I was able to build a working livecd image that I could
>> boot and play around in. SELinux was being enforced in the image too. I
>> was able to do this with a RHEL 5 kernel as well, just to see if maybe
>> something had changed with an earlier version of SELinux.
>> Perhaps the failure condition is no longer necessary?
>> Thanks in advance,
>> - Jay
> Yes I think that is no longer necessary. And it should definitely be supported.
Attached is a cleaner patch that removes the check and some other
unnecessary code (thanks Dan). With this users should be able to build
livecd images that have SELinux enabled on an SELinux-disabled host.
I've tested this on an F10 system with an F10 and a RHEL 5 kernel. Both
kernels I was able to build images with the SELinux enabled and disabled
on the host (but always enabled in the kickstart file).
Let me know what you guys think!
I have remastered the Fedora Live CD to run through Virtual Box and to
mount automatically the ext3 virtual partitions. My problem is, when I
install an additional package or modify a file from the root filesystem,
the changes are not persistent. Is there a way to make them persistent,
something like unionfs with a partition of the virtual disks?
Thanks in advance
In F12 (at least) it looks like selinux is denying livecd-creator from
changing the root password of the image. I'll file a bug on this when
infrastructure is back up.
Here is the audit record:
audit.log.1:type=USER_CHAUTHTOK msg=audit(1260601250.607:153622): user pid=17278 uid=0 auid=500 ses=26 subj=unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 msg='op=change password id=0 exe="/usr/bin/passwd" hostname=? addr=? terminal=pts/1 res=failed'
Here is the message printed by livecd-creator:
passwd: unconfined_u:unconfined_r:livecd_t:s0-s0:c0.c1023 is not authorized to change the password of root
This is with targeted policy 3.6.32-56.fc12.
Phillip Lougher posted lmza+squashfs patches to lkml yesterday and today
as a followup he posted a message indicating how to build / use the new
sqaushfs-tools to build or read squashfs file systems.
The short description is that to use lzma compression when building
squashfs images you add a -comp lzma option and that when reading
squashfs file systems the type of compression is automatically detected
and no special action is needed.
If it is desired to have a single version of livecd-creator that works
regardless of whether or not mksquashfs supports lzma, it is possible to
run mksquashfs without any arguments and examine the output to see if
lzma is supported. It may also be necessary to check for a minimum kernel
being used for livecd image if livecd-creator is supposed to be able to compose
older versions of Fedora.
While I don't think I'd call this a "feature", I'd like to have something
testable by feature freeze and am willing to do some work to make this
Is there a simple way to set the default on a Live USB install to only
install Security updates.
I know using the yum-plugin-security and yum update --security is one
way, however for
Joe Average is there anyway to set this as a yum default, so that even a
yum update and or PackageKit will not prompt for additional updates?