Paul Howarth wrote:
OK, what I've got now is as follows:
... (yesterday's mock policy module snipped) ...I've rewritten the mock policy now because I came across another problem with it: trying to run mono under mock to build mono apps failed with execheap violations. This couldn't be fixed as simply as the execmod issues with old libraries, so I've ended up having mock run in its own domain, mock_t (much like mono would normally run in mono_t) and having mock_t able to do execheap and execmem, as per the current policy for mono_t.
Full details for anyone that's interested here: http://www.city-fan.org/tips/PaulHowarth/Blog/2006-04-20I'll give this a few days whilst I see if any more issues crop up, and then I'll update the fedoraproject wiki with the details. Or it might eventually be an idea to include it in Core policy.
Paul.