Michael DeHaan wrote:
Gary Thomas wrote:
I'm trying to use anaconda+kickstart to load up a deeply
embedded platform. This device will never need nor use
selinux, so I want to figure out how to keep it from
ever being installed, whatsoever.
How do I make this happen in the kickstart file?
Note: this is such a resource limited platform that simply
installing the "selinux-policy-targetted" RPM takes around
5 hours! Hence my desire to never even try.
Just add "selinux disabled" in your kickstart and it will not be enabled
and will not be doing anything.
There isn't a lot of overhead in terms of extra storage to worry about
AFAIK.
The policy shouldn't be being applied if don't turn selinux on (either
in enforcing mode or permissive). I could be wrong about this however,
have you tried disabling SELinux in your kickstart for starters?
Yes. I have "selinux --disabled" in my kickstart and I start
anaconda with "selinux=0" (don't believe the documentation on
this one - trust the code). It still loads the selinux packages
and the loader/anaconda still tries to do stuff with selinux, e.g.
from my install log:
12:38:33 WARNING : Failed to create /etc/selinux/config: Read-only file system
12:38:33 WARNING : Failed to create /etc/selinux/targeted/contexts/customizable_types: Read-only
file system
etc.
BTW, my embedded kernel also is tuned for no selinux support,
so even if the packages are installed, nothing happens (they
just get in the way IMO)
I have found that I can simply remove "selinux-policy-targetted"
in my kickstart packages and this makes things much better.
%packages
@base
-selinux-policy-targeted
%end
--
------------------------------------------------------------
Gary Thomas | Consulting for the
MLB Associates | Embedded world
------------------------------------------------------------
_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list
