This looks good. Just a couple of (minor) tweaks/questions * Doesn't want to apply cleanly to current tip of git. Should be straight-forward to fix, if you don't have the time, I can * Any chance of splitting it into two chunks (one for the main bit, a second for the "selinux --enforcing request, but no lokkit in the package list)? Again, I can if not On Thu, 2008-06-05 at 17:35 -0400, Eric Paris wrote: > Still ongoing selinux policy and toolchain work in this area is needed > and I should do more testing on a host machine with selinux disabled but > this is the livecd patch I've got working as of today. I think that I > want to make my print >> sys.stderr message actually be fatal. The > reason for this is because setting selinux --disabled in the kickstart > and not having /usr/sbin/lokkit results in an enabled livecd which > doesn't work... No reason to just print a message and not stop the > work if we know for sure the results are useless... Sure, and it's early enough to be reasonable. Just switch the print to raise CreatorError and things will get torn down correctly too > This patch also has the f.close() fix that I sent yesterday, so it might > not apply if you already applied that one... Yeah, I pushed it right after you sent it In any case, I can fix those little things up tomorrow if you want to move on to something else and just get this committed, pushed and the relevant bug closed. And then we can hopefully get some more testing than just the two of us Jeremy -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list