From: Richard W.M. Jones <rjones@redhat.com>
Date: Fri, 31 Jul 2009 14:57:46 +0000 (+0100)
Subject: lib: Add selinux=0 to default kernel command line.
X-Git-Tag: 1.0.66~45
X-Git-Url: http://git.annexia.org/?p=libguestfs.git;a=commitdiff_plain;h=804330120dcbedc754174fdfdf13cf7577a7eba9

lib: Add selinux=0 to default kernel command line.

SELinux exists in a very disturbed state if it is enabled at
boot time, but no policy is loaded.  In particular, it messes
up the security.selinux extended attributes on files in a
not-very-useful way.

We can't enable SELinux because we don't know what policy
can or should be loaded.  Therefore it's best to disable it
completely.
---

diff --git a/src/guestfs.c b/src/guestfs.c
index 72cd2f3..63e24f0 100644
--- a/src/guestfs.c
+++ b/src/guestfs.c
@@ -1044,7 +1044,8 @@ guestfs_launch (guestfs_h *g)
     "udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */	\
     "noapic "          /* workaround for RHBZ#502058 - ok if not SMP */ \
     "acpi=off "        /* we don't need ACPI, turn it off */		\
-    "cgroup_disable=memory " /* saves us about 5 MB of RAM */
+    "cgroup_disable=memory " /* saves us about 5 MB of RAM */           \
+    "selinux=0 "       /* SELinux is messed up if there's no policy */
 
     /* Linux kernel command line. */
     snprintf (append, sizeof append,