lorax - selinux limitation

Hi,

in el7, in /usr/lib/python2.7/site-packages/pylorax/__init__.py we have
this comment/code:
# is selinux disabled?
# With selinux in enforcing mode the rpcbind package required for
# dracut nfs module, which is in turn required by anaconda module,
# will not get installed, because it's preinstall scriptlet fails,
# resulting in an incomplete initial ramdisk image.
# The reason is that the scriptlet runs tools from the shadow-utils
# package in chroot, particularly groupadd and useradd to add the
# required rpc group and rpc user. This operation fails, because
# the selinux context on files in the chroot, that the shadow-utils
# tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
# is wrong and selinux therefore disallows access to these files.
logger.info("checking the selinux mode")
if selinux.is_selinux_enabled() and selinux.security_getenforce():
    logger.critical("selinux must be disabled or in Permissive mode")
    sys.exit(1)


I've just generated new images on a centos7.1 box with selinux enabled
and it didn't seem to run into any selinux-related trouble after
disabling this check - in particular, /etc/passwd in the LiveOS image
does contain rpcuser and there wasn't any obvious error message in the
whole lorax process.

Would it be possible to remove this now?
(do you want me to send a trivial patch that just removes this bunch of
lines so my name is on it for future complaints?)

-- 
Dominique Martinet
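
Added example, not part of the original message and not pylorax code: a post-build check for the failure the quoted comment describes, confirming that the rpc user and group the scriptlet should create are present in a root tree, and reporting whether the build host is enforcing. The account names come from the quoted comment; the function names and the sample trees are constructed for illustration.

```python
import os
import tempfile

def read_names(path):
    """Return the names (first colon-separated field) in a passwd/group file."""
    names = set()
    try:
        with open(path) as f:
            for line in f:
                line = line.strip()
                if line and not line.startswith("#"):
                    names.add(line.split(":", 1)[0])
    except (IOError, OSError):
        pass  # a missing file means every expected name is reported missing
    return names

def missing_accounts(root, users=("rpc",), groups=("rpc",)):
    """List 'user:NAME' / 'group:NAME' entries expected in the tree but absent."""
    have_users = read_names(os.path.join(root, "etc/passwd"))
    have_groups = read_names(os.path.join(root, "etc/group"))
    missing = ["user:" + u for u in users if u not in have_users]
    missing += ["group:" + g for g in groups if g not in have_groups]
    return missing

def selinux_enforcing(enforce_path="/sys/fs/selinux/enforce"):
    """True when selinuxfs reports enforcing; False if permissive or disabled."""
    try:
        with open(enforce_path) as f:
            return f.read().strip() == "1"
    except (IOError, OSError):
        return False

def make_sample_root(passwd, group):
    """Build a constructed root tree for the demo (not a real lorax tree)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "etc"))
    for name, body in (("passwd", passwd), ("group", group)):
        with open(os.path.join(root, "etc", name), "w") as f:
            f.write(body)
    return root

# Constructed sample data: one tree where the scriptlet worked, one where it did not.
GOOD = make_sample_root("root:x:0:0:root:/root:/bin/bash\n"
                        "rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin\n",
                        "root:x:0:\nrpc:x:32:\n")
BAD = make_sample_root("root:x:0:0:root:/root:/bin/bash\n", "root:x:0:\n")

if __name__ == "__main__":
    for label, root in (("good", GOOD), ("bad", BAD)):
        print(label, missing_accounts(root) or "ok", "enforcing=%s" % selinux_enforcing())
```

Point `missing_accounts()` at the installed root tree of a build done in enforcing mode; an empty list means the accounts were created.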

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list


