Daniel J Walsh wrote:
On 09/11/2009 04:47 PM, Jay Greguske wrote:
> While using livecd-creator and poking around the code, I found a check
> that I don't understand the reason for. livecd-creator will bail out if
> the host has SELinux disabled and the kickstart file requests it be
> enabled. Why is that? I would think that if SELinux was disabled but you
> still had the policy available, that would be all you need to build a
> properly labeled image.
> Out of curiosity I made changes to the code just to see what would
> happen. I attached them to this mail for reference, NOT as proposed
> changes to be applied to the livecd-tools code. On an F10 system with
> SELinux disabled I was able to build a working livecd image that I could
> boot and play around in. SELinux was being enforced in the image too. I
> was able to do this with a RHEL 5 kernel as well, just to see if maybe
> something had changed with an earlier version of SELinux.
> Perhaps the failure condition is no longer necessary?
> Thanks in advance,
> - Jay
Yes I think that is no longer necessary. And it should definitely be supported.
Attached is a cleaner patch that removes the check and some other
unnecessary code (thanks Dan). With this users should be able to build
livecd images that have SELinux enabled on an SELinux-disabled host.
I've tested this on an F10 system with an F10 and a RHEL 5 kernel. Both
kernels I was able to build images with the SELinux enabled and disabled
on the host (but always enabled in the kickstart file).
Let me know what you guys think!