Read-only filesystem with SELinux

I have a problem with running the system normally after a kickstart installation with custom partitioning. The same config with “autopart” doesn’t cause any problems, but if I want to make partitions as simple ext4 boot, swap, luks->ext4 root, the system goes into a read-only state and systemd fails to start services. I can’t provide dmesg output for now, but the first thing that looks bad is: systemd-fstab-generator failed to start with “Permission denied”… I think the problem may be with SELinux, and I’m right! After disabling SELinux in the next attempt to install, the system works fine. But disabling SELinux is a security issue, right? I need to reconfigure the SELinux default profiles to work normally with custom partitioning. I have no idea how to do it. Configuration with SELinux disabled: kickstart_custom_part -

sudo fixfiles -F onboot
sudo reboot

Troubleshooting SELinux - Fedora Magazine

Now I’ll check. I’ll have to add this to %post; I hope it will be possible to schedule this check from the chroot, because all of this is about an unattended install. But even from the installed system I can’t do it: fixfiles doesn’t have permission to write the config. Nothing is writable in the system.

It turned out to be easier than I thought. But I still cannot understand why the wrong labels are obtained and it is necessary to rebuild…

Take time to watch this:
Security-enhanced Linux for mere mortals - 2015 Red Hat Summit

This helps to better understand.