[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
RE: mach/mock and selinux
- From: "Oliver Falk" <oliver linux-kernel at>
- To: "'Discussion related to Fedora Extras'" <fedora-extras-list redhat com>
- Subject: RE: mach/mock and selinux
- Date: Sat, 21 May 2005 13:45:26 +0200
> petersen redhat com (Jens Petersen) writes:
>
> >>>Thanks. I tried it and got to:
> >>>
> >>>$ mock -r fedora-3-i386-core mock-0.1-1.src.rpm
> > ::
> >>> Non-zero return value 127 on executing
> >>>/usr/sbin/mock-helper chroot
> >>>/var/lib/mock//fedora-3-i386-core/root /sbin/runuser - root -c
> >>>"/usr/sbin/useradd -u 500 -d /builddir mockbuild"
> >
> > Ok I haven't tested, but apparently this is caused by using
> > selinux,
> > which presumably also explains the problem I was seeing
> > earlier with mach.
>
> SELinux was never designed to work with or in chroot
> environments, and unless somebody implements another kernel
> API, this will not change. So best would be, to disable
> SELinux completely at system start.
Correct, Enrico, but wouldn't make sense to give user mock all (selinux)
permission for /var/lib/mock!? Just in case someone wants to have selinux
enabled, but also wants to use mock :-) Hmmm. Or is this caused by useradd
that want's to write /var/lib/mock/*/*/etc/{passwd,group,shadow}? If so it
might be harder to find a good solution. I don't think that allowing useradd
to write to /var/lib/mock/*/* is a good idea...
However, just my 2 cent. As I'm not a selinux-fan and have it disabled on my
dev-boxes, I don't mind. :-)
Best,
Oliver
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]