Comment on why selinux needs to be in permissive or disabled

This commit is contained in:
Martin Gracik 2012-06-04 10:54:01 +02:00
parent cbe001638e
commit 2e907c072c

View File

@ -170,6 +170,16 @@ class Lorax(BaseLoraxClass):
sys.exit(1)
# is selinux disabled?
# With selinux in enforcing mode the rpcbind package required for
# dracut nfs module, which is in turn required by anaconda module,
# will not get installed, because it's preinstall scriptlet fails,
# resulting in an incomplete initial ramdisk image.
# The reason is that the scriptlet runs tools from the shadow-utils
# package in chroot, particularly groupadd and useradd to add the
# required rpc group and rpc user. This operation fails, because
# the selinux context on files in the chroot, that the shadow-utils
# tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
# is wrong and selinux therefore disallows access to these files.
logger.info("checking the selinux mode")
if selinux.security_getenforce():
logger.critical("selinux must be disabled or in Permissive mode")