Richard W.M. Jones
2009-Jul-31 15:01 UTC
[Libguestfs] [PATCH] lib: Add selinux=0 to default kernel command line.
-- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 75 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora -------------- next part -------------->From a9f70c25326116215af71b1679d78e02defc3aed Mon Sep 17 00:00:00 2001From: Richard W.M. Jones <rjones at redhat.com> Date: Fri, 31 Jul 2009 15:57:46 +0100 Subject: [PATCH] lib: Add selinux=0 to default kernel command line. SELinux exists in a very disturbed state if it is enabled at boot time, but no policy is loaded. In particular, it messes up the security.selinux extended attributes on files in a not-very-useful way. We can't enable SELinux because we don't know what policy can or should be loaded. Therefore it's best to disable it completely. --- src/guestfs.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/guestfs.c b/src/guestfs.c index 72cd2f3..63e24f0 100644 --- a/src/guestfs.c +++ b/src/guestfs.c @@ -1044,7 +1044,8 @@ guestfs_launch (guestfs_h *g) "udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */ \ "noapic " /* workaround for RHBZ#502058 - ok if not SMP */ \ "acpi=off " /* we don't need ACPI, turn it off */ \ - "cgroup_disable=memory " /* saves us about 5 MB of RAM */ + "cgroup_disable=memory " /* saves us about 5 MB of RAM */ \ + "selinux=0 " /* SELinux is messed up if there's no policy */ /* Linux kernel command line. */ snprintf (append, sizeof append, -- 1.6.2.5
Matthew Booth
2009-Jul-31 15:43 UTC
[Libguestfs] [PATCH] lib: Add selinux=0 to default kernel command line.
On 31/07/09 16:01, Richard W.M. Jones wrote: ACK -- Matthew Booth, RHCA, RHCSS Red Hat Engineering, Virtualisation Team M: +44 (0)7977 267231 GPG ID: D33C3490 GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490