almalinux/lorax
13
0
Fork 0
Code Issues Pull Requests Releases Activity

Comment on why selinux needs to be in permissive or disabled

Browse Source
This commit is contained in:
Martin Gracik 2012-06-04 10:54:01 +02:00
parent cbe001638e
commit 2e907c072c
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/pylorax/__init__.py
View File

@ -170,6 +170,16 @@ class Lorax(BaseLoraxClass):
sys.exit(1) sys.exit(1)
# is selinux disabled? # is selinux disabled?
# With selinux in enforcing mode the rpcbind package required for
# dracut nfs module, which is in turn required by anaconda module,
# will not get installed, because it's preinstall scriptlet fails,
# resulting in an incomplete initial ramdisk image.
# The reason is that the scriptlet runs tools from the shadow-utils
# package in chroot, particularly groupadd and useradd to add the
# required rpc group and rpc user. This operation fails, because
# the selinux context on files in the chroot, that the shadow-utils
# tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
# is wrong and selinux therefore disallows access to these files.
logger.info("checking the selinux mode") logger.info("checking the selinux mode")
if selinux.security_getenforce(): if selinux.security_getenforce():
logger.critical("selinux must be disabled or in Permissive mode") logger.critical("selinux must be disabled or in Permissive mode")