[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Fedora buildsys and SELinux

From: Bill Nottingham <notting redhat com>
To: James Morris <jmorris namei org>
Cc: fedora-selinux-list <fedora-selinux-list redhat com>
Subject: Re: Fedora buildsys and SELinux
Date: Wed, 16 Apr 2008 23:23:47 -0400

James Morris (jmorris namei org) said: 
> > You cannot create files in a chroot of a context not known by the
> > host policy. This means that if your host is running RHEL 5, you are
> > unable to compose any trees/images/livecds with SELinux enabled for
> > later releases.
> 
> Ok, that's what I suspected.
> 
> One of the possible plans for this is to allow a process to run in a 
> separate policy namespace, and probably also utilize namespace support in 
> general.
> 
> This is non-trivial and needs more analysis.

Incidentally, this is also one of the blockers for policy-in-packages,
rather than a monolithic one.

Bill

Follow-Ups:
- Re: Fedora buildsys and SELinux
  - From: Stephen Smalley

References:
- Fedora buildsys and SELinux
  - From: Karsten 'quaid' Wade
- Re: Fedora buildsys and SELinux
  - From: James Morris
- Re: Fedora buildsys and SELinux
  - From: Bill Nottingham
- Re: Fedora buildsys and SELinux
  - From: James Morris

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]