I've just found one issue with the patch:<br>@@ -722,7 +714,6 @@ class ImageCreator(object):<br> kickstart.KeyboardConfig(self._instroot).apply(ksh.keyboard)<br> kickstart.TimezoneConfig(self._instroot).apply(ksh.timezone)<br>
kickstart.AuthConfig(self._instroot).apply(ksh.authconfig)<br>- kickstart.SelinuxConfig(self._instroot).apply(ksh.selinux)<br> kickstart.FirewallConfig(self._instroot).apply(ksh.firewall)<br> kickstart.RootPasswordConfig(self._instroot).apply(ksh.rootpw)<br>
kickstart.ServicesConfig(self._instroot).apply(ksh.services)<br>@@ -734,6 +725,9 @@ class ImageCreator(object):<br> <br> self.__run_post_scripts()<br> <br>+ # selinux should always come last<br>+ kickstart.SelinuxConfig(self._instroot).apply(ksh.selinux)<br>
+<br> def launch_shell(self):<br> """Launch a shell in the install root.<br> <br>This reverts<br><a href="http://git.fedorahosted.org/git/?p=livecd;a=commitdiff;h=d8c25944dde2de95a38c08fbb8e890295290ab21">http://git.fedorahosted.org/git/?p=livecd;a=commitdiff;h=d8c25944dde2de95a38c08fbb8e890295290ab21</a><br>
<br>Other issue is that pykickstart "selinux" command doesn't have --type option to specify the policy and lokkit. assumes "targeted" if --selinuxtype=<type> is not specified. SelinuxConfig should not touch SELINUXTYPE already set in /etc/selinux/config by %post script.<br>
To avoid lokkit side-effects, I'll amend the patch to use Augeas to modify /etc/selinux/config<br><br>Alan<br><br>