selinux breaks revisor

Jesse Keating jkeating at redhat.com
Tue Jan 22 14:51:52 UTC 2008


On Tue, 22 Jan 2008 13:29:03 +0100
"Valent Turkovic" <valent.turkovic at gmail.com> wrote:

> I tested revisor and wanted to make an up to date version of Fedora 8
> Live CD - but selinux put a stop to that.

Selinux is not going to work at all for things like revisor (and
pungi/livecd-creator).  Both make use of chroots to install packages
into, and in certain cases you can wind up causing lots of harm to your
host system (installing a new policy in the chroot will actually cause
that policy to activate on the running kernel and then you have policy
that doesn't match labels, watch the fun!).

It is strongly recommended that you disable SELinux or at least put it
in permissive if you're going to be doing composes.

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080122/344aef44/attachment.sig>


More information about the fedora-devel-list mailing list