[Arm-dev] selinux - wiki typo and setting prior to firstboot

Wed Dec 23 09:50:14 UTC 2015
Fabian Arrotin <arrfab at centos.org>

On 21/12/15 15:06, Robert Moskowitz wrote:
> Minor typo in the wiki on selinux.  It says to edit:
> 
> /etc/syconfig/selinux
> 
> That should be:
> 
> /etc/sysconfig/selinux
> 

Updated, thanks

> It took about 4 min on the reboot on my Cubieboard2, but of course
> it depends what you have added since install.
> 
> I would like to enforce selinux from the firstboot.  Seems I can
> mount the image and make these 3 changes prior to first boot and
> the system would come up initially with selinux enforced?

Yes, and our plan was to enforce that, but due to the long time needed
to relabel the filesystem, we preferred to let it in permissive mode,
and let the users decide if they wanted to enforce it or not. To
be clear, I'd really want to have it in enforcing in the default
install, but that 5 minutes delay would be a "NO GO" for people trying
CentOS Userland for the first time (and people not even reading the
doc about the reason why, etc.)

> 
> And looking at the fedora-arm-installer and what we would want in a
> centos-arm-installer, the Fedora install has to disable selinux.
> The Centos install would have to enforce selinux.  So these edits
> that are in the wiki would need to be scripted and then, of course
> the instructions from the Fedora wiki cannot be directly brought
> over to the Centos wiki as we are doing the reverse of them in this
> case.

Something to think about, but if adding those 5 minutes would still be
needed, then I'd say that we'd stick with current policy: permissive
and people can switch to enforcing with a complete relabel

> 
> Which brings the question of is the resize method used in the 
> fedora-arm-installer the same as what we would use in the centos
> install?
> 
> Could I specify both of switch selinux to enforce AND resize the 
> partition in the install to take effect on firstboot?
> 

From my initial tests in the past, yes, you can: it will reboot
anyway, but I don't remember which one will be done first (have to
verify which one is started first: relabeling or autoresize)

PS: I'm in a kind of "offline" mode those two weeks, reason why I'll
be slow to react, but hopefully back at full steam soon :-)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab