[Libguestfs] [PATCH] lib: Add selinux=0 to default kernel command line.
Richard W.M. Jones
rjones at redhat.com
Fri Jul 31 15:01:23 UTC 2009
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 75 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
-------------- next part --------------
>From a9f70c25326116215af71b1679d78e02defc3aed Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones at redhat.com>
Date: Fri, 31 Jul 2009 15:57:46 +0100
Subject: [PATCH] lib: Add selinux=0 to default kernel command line.
SELinux exists in a very disturbed state if it is enabled at
boot time, but no policy is loaded. In particular, it messes
up the security.selinux extended attributes on files in a
not-very-useful way.
We can't enable SELinux because we don't know what policy
can or should be loaded. Therefore it's best to disable it
completely.
---
src/guestfs.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/guestfs.c b/src/guestfs.c
index 72cd2f3..63e24f0 100644
--- a/src/guestfs.c
+++ b/src/guestfs.c
@@ -1044,7 +1044,8 @@ guestfs_launch (guestfs_h *g)
"udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */ \
"noapic " /* workaround for RHBZ#502058 - ok if not SMP */ \
"acpi=off " /* we don't need ACPI, turn it off */ \
- "cgroup_disable=memory " /* saves us about 5 MB of RAM */
+ "cgroup_disable=memory " /* saves us about 5 MB of RAM */ \
+ "selinux=0 " /* SELinux is messed up if there's no policy */
/* Linux kernel command line. */
snprintf (append, sizeof append,
--
1.6.2.5
More information about the Libguestfs
mailing list