Keep in mind - it may be fine still you are using SELinux targeted policy, which is kiddy mode :D Some users (I am, for example) can use SELinux MLS policy, where you should write a lot of rules for every apps, so one part of lorax would works fine, another - do not at all, and third one - looks like work fine, but SELinux blocked something unusual inside lorax/installroot. On 17 December 2015 10:53:12 GMT+03:00, Dominique Martinet <dominique.martinet@xxxxxx> wrote: >Well, all my systems here (in the cluster I'm rebuilding the image for) >have selinux enforced, so I basically either have to maintain a local >patch to skip the check or to spawn a VM just for the job - both of >which I can do right now, but would rather avoid in the long term. > >Would it be possible to add a switch like >--yes-selinux-is-enforced-do-it-anyway >or something ugly to bypass the check then? > > >FWIW selinux policies are rather centralised and updated everywhere so >it should be ok for anyone in el7/recent-ish fedora (would need to test >el6) that runs root as unconstrained, may be worth checking for id -Z >instead even if it's a bit more work? > > >(I'm actually not sure if the preferred way to change which kernel to >use in the pxe images is to go through lorax or just to fix the kernel >modules in the initrd by hand.. I find lorax "cleaner", but if I have >to >kludge around it may be easier to go back to scripting around the >initrd >modification) > >Thanks, --- Regards, Vit Ry. _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list