On Thu, 2014-01-09 at 11:32 +0100, Maros Zatko wrote: > Dear guys and ladies, > So it seems like livecd-creator is silently disabling selinux. > Proof: vim $(which livecd-creator) ; line 150 > Fact, that it's re-enabled afterwards doesn't ease silent disablement of > security feature. > > I'd love to know the reason and if it's possible to do something about it.
Because live images don't work properly if it's either disabled or enforcing while the image is being generated. Why *that* is I don't know, but before bcl made the livecd-creator script do this, we just had a bit in the livecd-creator instructions which said "you have to run setenforce Permissive before starting to build a live image". If you try building a live image with SELinux either disabled or enforcing on the build host, you wind up either with a compose that fails, or an image that can't be booted in enforcing mode. livecd-creator is a string-and-duct-tape hack, it does quite a lot of ugly things. bcl's been trying to replace it with livemedia-creator for a while, but that effort seems to keep running into roadblocks. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
