[Fedora-livecd-list] Re: Unnecessary SELinux Failure Condition?

Jay Greguske jgregusk at redhat.com
Fri Sep 18 14:26:19 UTC 2009


Daniel J Walsh wrote:
> On 09/11/2009 04:47 PM, Jay Greguske wrote:
>   
>> Hello,
>>
>> While using livecd-creator and poking around the code, I found a check
>> that I don't understand the reason for. livecd-creator will bail out if
>> the host has SELinux disabled and the kickstart file requests it be
>> enabled. Why is that? I would think that if SELinux was disabled but you
>> still had the policy available, that would be all you need to build a
>> properly labeled image.
>>
>> Out of curiosity I made changes to the code just to see what would
>> happen. I attached them to this mail for reference, NOT as proposed
>> changes to be applied to the livecd-tools code. On an F10 system with
>> SELinux disabled I was able to build a working livecd image that I could
>> boot and play around in. SELinux was being enforced in the image too. I
>> was able to do this with a RHEL 5 kernel as well, just to see if maybe
>> something had changed with an earlier version of SELinux.
>>
>> Perhaps the failure condition is no longer necessary?
>>
>> Thanks in advance,
>> - Jay
>>     
> Yes, I think that is no longer necessary. And it should definitely be supported.
>
>   
Attached is a cleaner patch that removes the check and some other
unnecessary code (thanks Dan). With this, users should be able to build
livecd images that have SELinux enabled on an SELinux-disabled host.
I've tested this on an F10 system with an F10 and a RHEL 5 kernel. With
both kernels I was able to build images with SELinux enabled and disabled
on the host (but always enabled in the kickstart file).

Let me know what you guys think!

Thanks,
- Jay
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remove-unnecessary-selinux-check.patch
Type: text/x-patch
Size: 2972 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-livecd-list/attachments/20090918/ea888f9a/attachment.bin>

