[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fedora buildsys and SELinux

From: James Morris <jmorris namei org>
To: Bill Nottingham <notting redhat com>
Cc: fedora-selinux-list <fedora-selinux-list redhat com>
Subject: Re: Fedora buildsys and SELinux
Date: Thu, 17 Apr 2008 10:43:17 +1000 (EST)

On Wed, 16 Apr 2008, Bill Nottingham wrote:

> James Morris (jmorris namei org) said: 
> > > * All the parties are here now needed to figure this out
> > > * Someone better than me is going to reply with specifics about what is
> > > not working in the buildsys
> > > * We all agree it's pretty important to get this figured out in a good
> > > way
> > 
> > Can you please explain specifically what the problem is?
> 
> You cannot create files in a chroot of a context not known by the
> host policy. This means that if your host is running RHEL 5, you are
> unable to compose any trees/images/livecds with SELinux enabled for
> later releases.

Ok, that's what I suspected.

One of the possible plans for this is to allow a process to run in a 
separate policy namespace, and probably also utilize namespace support in 
general.

This is non-trivial and needs more analysis.


- James
-- 
James Morris
<jmorris namei org>

Follow-Ups:
- Re: Fedora buildsys and SELinux
  - From: Karsten 'quaid' Wade
- Re: Fedora buildsys and SELinux
  - From: Bill Nottingham

References:
- Fedora buildsys and SELinux
  - From: Karsten 'quaid' Wade
- Re: Fedora buildsys and SELinux
  - From: James Morris
- Re: Fedora buildsys and SELinux
  - From: Bill Nottingham

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]