Re: [lorax] Comment on why selinux needs to be in permissive or disabled


 



Ack - thanks very much for the explanation!

-w

On Mon, 2012-06-04 at 10:57 +0200, Martin Gracik wrote:
> ---
>  src/pylorax/__init__.py |   10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py
> index f21618d..aeb1b02 100644
> --- a/src/pylorax/__init__.py
> +++ b/src/pylorax/__init__.py
> @@ -170,6 +170,16 @@ class Lorax(BaseLoraxClass):
>              sys.exit(1)
>  
>          # is selinux disabled?
> +        # With selinux in enforcing mode the rpcbind package required for
> +        # dracut nfs module, which is in turn required by anaconda module,
> +        # will not get installed, because it's preinstall scriptlet fails,
> +        # resulting in an incomplete initial ramdisk image.
> +        # The reason is that the scriptlet runs tools from the shadow-utils
> +        # package in chroot, particularly groupadd and useradd to add the
> +        # required rpc group and rpc user. This operation fails, because
> +        # the selinux context on files in the chroot, that the shadow-utils
> +        # tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
> +        # is wrong and selinux therefore disallows access to these files.
>          logger.info("checking the selinux mode")
>          if selinux.security_getenforce():
>              logger.critical("selinux must be disabled or in Permissive mode")
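Review bot: In the added comment, "because it's preinstall scriptlet fails" should read "its preinstall scriptlet", and "required by anaconda module" reads more clearly as "required by the anaconda dracut module" if that is what is meant. The explanation now sits between the existing "# is selinux disabled?" line and the check, and that older line no longer matches what the check accepts (disabled or Permissive), so consider rewording it to "# is selinux disabled or permissive?" or folding it into the new block. The reason is also only visible to someone reading the source: the logger.critical message still just says "selinux must be disabled or in Permissive mode", so a short hint there (for example, that package scriptlets in the chroot fail under enforcing mode) would help the user who hits it. Finally, since the stated root cause is a wrong SELinux context on /etc/group, /etc/passwd and /etc/shadow in the chroot, it would be worth noting in the comment that requiring a non-enforcing host is a workaround, so the check can be revisited if the chroot labeling is ever fixed.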


_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list

