From 2e907c072cc0d36d0663dd10f1b6e8d23c59500f Mon Sep 17 00:00:00 2001
From: Martin Gracik
Date: Mon, 4 Jun 2012 10:54:01 +0200
Subject: [PATCH] Comment on why selinux needs to be in permissive or disabled
---
 src/pylorax/__init__.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py
index f21618d2..aeb1b020 100644
--- a/src/pylorax/__init__.py
+++ b/src/pylorax/__init__.py
@@ -170,6 +170,16 @@ class Lorax(BaseLoraxClass):
 sys.exit(1)
 # is selinux disabled?
+ # With selinux in enforcing mode the rpcbind package required for
+ # dracut nfs module, which is in turn required by anaconda module,
+ # will not get installed, because it's preinstall scriptlet fails,
+ # resulting in an incomplete initial ramdisk image.
+ # The reason is that the scriptlet runs tools from the shadow-utils
+ # package in chroot, particularly groupadd and useradd to add the
+ # required rpc group and rpc user. This operation fails, because
+ # the selinux context on files in the chroot, that the shadow-utils
+ # tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
+ # is wrong and selinux therefore disallows access to these files.
 logger.info("checking the selinux mode")
 if selinux.security_getenforce():
 logger.critical("selinux must be disabled or in Permissive mode")
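Review bot: The enforcing check just below the new comment, `if selinux.security_getenforce():`, treats any non-zero result as enforcing, so an error result from libselinux on a host where SELinux is disabled (if the binding passes it through rather than raising) would abort the build with a misleading message. Writing it as `if selinux.is_selinux_enabled() and selinux.security_getenforce():` would make the disabled case explicit. Because the new comment justifies asking the operator to relax a host-wide control, it could also say that enforcing mode should be restored once the image is built. Minor wording: `it's preinstall scriptlet` should read `its preinstall scriptlet`. The enclosing method starts and ends outside the hunk.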