[lorax] Comment on why selinux needs to be in permissive or disabled | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
---
src/pylorax/__init__.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py
index f21618d..aeb1b02 100644
--- a/src/pylorax/__init__.py
+++ b/src/pylorax/__init__.py
@@ -170,6 +170,16 @@ class Lorax(BaseLoraxClass):
sys.exit(1)
# is selinux disabled?
+ # With selinux in enforcing mode the rpcbind package required for
+ # dracut nfs module, which is in turn required by anaconda module,
+ # will not get installed, because it's preinstall scriptlet fails,
+ # resulting in an incomplete initial ramdisk image.
+ # The reason is that the scriptlet runs tools from the shadow-utils
+ # package in chroot, particularly groupadd and useradd to add the
+ # required rpc group and rpc user. This operation fails, because
+ # the selinux context on files in the chroot, that the shadow-utils
+ # tools need to access (/etc/group, /etc/passwd, /etc/shadow etc.),
+ # is wrong and selinux therefore disallows access to these files.
logger.info("checking the selinux mode")
if selinux.security_getenforce():
logger.critical("selinux must be disabled or in Permissive mode")
--
1.7.9.5
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
[Home] [Fedora Users] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]
