No selinux whatsoever

Pablo Iranzo Gómez Pablo.Iranzo at redhat.com
Fri Jan 18 17:29:42 UTC 2008 

	As suggested, try

	%packages --nobase --excludedocs

	This will slim fit your deployment, but be sure to specify which
packages you want to install on system...
	Regards
	Pablo



-- 
Pablo Iranzo Gómez
(http://Alufis35.uv.es/~iranzo/)
(PGPKey Available on http://www.uv.es/~iranzop/PGPKey.pgp)
                  --
Postulado de Boling sobre la Ley de Murphy:

Si se encuentra bien, no se preocupe. Se le pasará

On Fri, 18 Jan 2008, Gary Thomas wrote:

> Michael DeHaan wrote:
> > Gary Thomas wrote:
> >> I'm trying to use anaconda+kickstart to load up a deeply
> >> embedded platform.  This device will never need nor use
> >> selinux, so I want to figure out how to keep it from
> >> ever being installed, whatsoever.
> >>
> >> How do I make this happen in the kickstart file?
> >>
> >> Note: this is such a resource limited platform that simply
> >> installing the "selinux-policy-targetted" RPM takes around
> >> 5 hours!  Hence my desire to never even try.
> >>
> >
> > Just add "selinux disabled" in your kickstart and it will not be enabled
> > and will not be doing anything.
> >
> > There isn't a lot of overhead in terms of extra storage to worry about
> > AFAIK.
> >
> > The policy shouldn't be being applied if don't turn selinux on (either
> > in enforcing mode or permissive). I could be wrong about this however,
> > have you tried disabling SELinux in your kickstart for starters?
>
> Yes. I have "selinux --disabled" in my kickstart and I start
> anaconda with "selinux=0" (don't believe the documentation on
> this one - trust the code).  It still loads the selinux packages
> and the loader/anaconda still tries to do stuff with selinux, e.g.
> from my install log:
>    12:38:33 WARNING : Failed to create /etc/selinux/config: Read-only file system
>    12:38:33 WARNING : Failed to create /etc/selinux/targeted/contexts/customizable_types: Read-only
> file system
> etc.
>
> BTW, my embedded kernel also is tuned for no selinux support,
> so even if the packages are installed, nothing happens (they
> just get in the way IMO)
>
> I have found that I can simply remove "selinux-policy-targetted"
> in my kickstart packages and this makes things much better.
>
> %packages
> @base
> -selinux-policy-targeted
> %end
>
> --
> ------------------------------------------------------------
> Gary Thomas                 |  Consulting for the
> MLB Associates              |    Embedded world
> ------------------------------------------------------------
>
> _______________________________________________
> Kickstart-list mailing list
> Kickstart-list at redhat.com
> https://www.redhat.com/mailman/listinfo/kickstart-list
>

More information about the Kickstart-list mailing list