Richard W.M. Jones
2009-Jul-31 15:01 UTC
[Libguestfs] [PATCH] lib: Add selinux=0 to default kernel command line.
-- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 75 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora -------------- next part -------------->From a9f70c25326116215af71b1679d78e02defc3aed Mon Sep 17 00:00:00 2001From: Richard W.M. Jones <rjones at redhat.com> Date: Fri, 31 Jul 2009 15:57:46 +0100 Subject: [PATCH] lib: Add selinux=0 to default kernel command line. SELinux exists in a very disturbed state if it is enabled at boot time, but no policy is loaded. In particular, it messes up the security.selinux extended attributes on files in a not-very-useful way. We can't enable SELinux because we don't know what policy can or should be loaded. Therefore it's best to disable it completely. --- src/guestfs.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/guestfs.c b/src/guestfs.c index 72cd2f3..63e24f0 100644 --- a/src/guestfs.c +++ b/src/guestfs.c @@ -1044,7 +1044,8 @@ guestfs_launch (guestfs_h *g) "udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */ \ "noapic " /* workaround for RHBZ#502058 - ok if not SMP */ \ "acpi=off " /* we don't need ACPI, turn it off */ \ - "cgroup_disable=memory " /* saves us about 5 MB of RAM */ + "cgroup_disable=memory " /* saves us about 5 MB of RAM */ \ + "selinux=0 " /* SELinux is messed up if there's no policy */ /* Linux kernel command line. */ snprintf (append, sizeof append, -- 1.6.2.5
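Review bot: the new "selinux=0 " entry in the default command-line string in guestfs_launch is unconditional, and its comment ("SELinux is messed up if there's no policy") does not record the concrete failure given in the commit message, namely the security.selinux extended attributes on files being altered when SELinux is enabled without a loaded policy. Please expand the comment to name that xattr problem so a later reader does not drop the parameter as cosmetic. The hunk also shows no way for a caller who does know which policy to load to turn SELinux back on; it is worth stating in the comment or the commit message whether caller-supplied append options are placed after this string and can override it, or whether disabling is meant to be permanent.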
Matthew Booth
2009-Jul-31 15:43 UTC
[Libguestfs] [PATCH] lib: Add selinux=0 to default kernel command line.
On 31/07/09 16:01, Richard W.M. Jones wrote:

ACK

--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490