On Fri, 18 Jan 2008, John Summerfield wrote: > Gary Thomas wrote: > > I'm trying to use anaconda+kickstart to load up a deeply > > embedded platform. This device will never need nor use > > selinux, so I want to figure out how to keep it from > > ever being installed, whatsoever. > > You're using the wrong Linux distro; selinux is built into the kernel. > [root@numbat ~]# grep SELINUX /boot/config-2.6.18-8.1.15.el5 | head -1 > CONFIG_SECURITY_SELINUX=y > [root@numbat ~]# One thing is to get the support into kernel, and another one to have all userspace binaries, libraries and so installed > > How do I make this happen in the kickstart file? > > > > Note: this is such a resource limited platform that simply > > installing the "selinux-policy-targetted" RPM takes around > > 5 hours! Hence my desire to never even try. > What you need is a minimal installation, so two choices: "%packages --nobase --excludedocs" and then specify by hand what you really need or install on a big brother system, then remove everything not needed on your appliance and rsync fs to your device... install grub on storage device and try if it works or not ;) > If you want prebuilt binaries I suggest Debian. Note that Debian's > moving to apparmour, but I don't know what its implications are. Well, apparmour has raised several complaints about the approach to security, but in this case, the problem is about CPU muscle to install in an embedded device, not about SELinux nor AppArmor Regards Pablo _______________________________________________ Kickstart-list mailing list Kickstart-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/kickstart-list