-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El Fri, 10 Jan 2014 15:26:38 -0800 Adam Williamson <awilliam@xxxxxxxxxx> escribió: > On Thu, 2014-01-09 at 11:32 +0100, Maros Zatko wrote: > > Dear guys and ladies, > > So it seems like livecd-creator is silently disabling selinux. > > Proof: vim $(which livecd-creator) ; line 150 > > Fact, that it's re-enabled afterwards doesn't ease silent > > disablement of security feature. > > > > I'd love to know the reason and if it's possible to do something > > about it. > > Because live images don't work properly if it's either disabled or > enforcing while the image is being generated. Why *that* is I don't > know, but before bcl made the livecd-creator script do this, we just > had a bit in the livecd-creator instructions which said "you have to > run setenforce Permissive before starting to build a live image". > > If you try building a live image with SELinux either disabled or > enforcing on the build host, you wind up either with a compose that > fails, or an image that can't be booted in enforcing mode. Adam this is not true, All Offical Fedora images for years were built on hosts with selinux disabled. F20 was the first time images were built with the host in permissive mode, but then they are built in a mock chroot which has selinux disabled in the chroot Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJS0IM5AAoJEH7ltONmPFDR0g4QAI6klWhJfx3rNdtYX5k+5CZy jYGsPMyv7SE2N20p0WNj7v0SNA1jo3wcqsugHTsyGME1G72n15zL3PIqaYUuq4rJ RmHQDxfUugq66n5iNnfw7lsJ/N2sqCd86wR1TTnWHKYypqf5XmKx6tBOY6A+uEEF MmOTaoDHVbtFM9bKZGKkfqorhFJH16mNleS1mC/sC/+a5xuGKbVBDYM2Pt+7/H1T YNPTZQhyEUR6k40vTV642yFxkSE/chltBswE9ZXTErey2JUuPLOdrRbppd9tj7vu Lcbxm7NPpXTJA9fKeBlNwIlXq25wVHu98NlyCfawNE6fNZzqWm03tP7If0PHy7x7 KG3M6EUQy+aLm+vRRa/H7iEH/USGe8wgTDY1IizDShuJQeKfAmVtUyXijvGNcGer K3z3BURivWvvXjuZ8sIfZTCq6IDkWC7MQh4X6gPj58t4ZVj3/p5nnxBhVwh1Nksn pumS3/mtUz/c+Rw5JtwWKS2QuUTG4U9ywspjkz7oGqEWDm/Th67t/1zmhof/LT0T lVmJWM6gyz9lhWBGNZhkGfNqcTvNdTo9TJ8nu4eCTKIGQRS7ODk6u/m1sBFxg8/i 0IrxHfW6Od0wrglxwh695G9liRVctLfmrwzTcnmiee/KQRVNa0TTDq7RdvU6Nsp+ zzNex8J/09Vj73TLmg9B =JLdx -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
