SELinux and livecd-creator

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SELinux and livecd-creator

Marc Herbert-5
Hi,

<http://fedoraproject.org/wiki/How_to_create_and_use_a_Live_CD#Set_SELinux_to_permissive_mode>
> SELinux should be in permissive mode for livecd-creator to work.

Is this information obsolete? Or did all my past livecd-creator runs fail in a subtle and hard to notice way?

Thanks in advance.

Cheers,

Marc

--
Fedora-livecd-list mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Reply | Threaded
Open this post in threaded view
|

Re: SELinux and livecd-creator

Jeremy Katz
On Friday, April 24 2009, Marc Herbert said:
> <http://fedoraproject.org/wiki/How_to_create_and_use_a_Live_CD#Set_SELinux_to_permissive_mode>
>> SELinux should be in permissive mode for livecd-creator to work.
>
> Is this information obsolete? Or did all my past livecd-creator runs fail in a subtle and hard to notice way?

We ensure that contexts are all set correctly at the end with a
restorecon.  The biggest "problem" with being in enforcing mode vs
permissive is you can get a flood of AVCs

SELinux being disabled only works if your live image config has SELinux
disabled

Jeremy

--
Fedora-livecd-list mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Reply | Threaded
Open this post in threaded view
|

Re: SELinux and livecd-creator

Marc Herbert-5
Jeremy Katz a écrit :
> We ensure that contexts are all set correctly at the end with a
> restorecon.  The biggest "problem" with being in enforcing mode vs
> permissive is you can get a flood of AVCs

I am not sure I get this: do you mean a flood of AVCs on the build host _while_ setting all contexts at the end with restorecon?

I never noticed something like this.


> SELinux being disabled only works if your live image config has SELinux
> disabled

Sounds reasonable enough.

--
Fedora-livecd-list mailing list
[hidden email]
https://www.redhat.com/mailman/listinfo/fedora-livecd-list