selinux rant, compressed version (Was Re: kernels won't boot)
Jesse Keating
jkeating at redhat.com
Thu Jan 3 22:16:19 UTC 2008
On Thu, 03 Jan 2008 17:07:33 -0500
Daniel J Walsh <dwalsh at redhat.com> wrote:
> Jesse, what problems are you seeing that needs to run in permissive
> mode? I know about the chroot environments and there is not a good
> answer to this. Placing of the file context down without loading the
> SELInux policy would help in this environment. But we would still
> have problems with applications running in post install, not getting
> the correct context.
What I've seen is if selinux is in enforcing part of the compose
process will fail in such a way that selinux will default to /off/ for
the resulting composed media (funny eh?). I think it had something to
do with a denial, but the memory is hazy. But since most of my
composing involves A) mock for the initial compose environment (that's
one chroot) and B) buildinstall itself creating an install root to
populate stage1/2 contents (that's two chroots) I kind of feel I'm out
in left field.
--
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080103/2f517615/attachment.sig>
More information about the fedora-devel-list
mailing list