[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Fedora buildsys and SELinux
- From: Jeremy Katz <katzj redhat com>
- To: Eric Paris <eparis redhat com>
- Cc: fedora-selinux-list <fedora-selinux-list redhat com>
- Subject: Re: Fedora buildsys and SELinux
- Date: Mon, 12 May 2008 16:33:10 -0400
On Mon, 2008-05-12 at 11:26 -0400, Bill Nottingham wrote:
> Eric Paris (eparis redhat com) said:
> > same problem. Wonder how people would feel about really hacking up the
> > buildroot creator to force install selinux stuff first and then run the
> > full install transaction set....
>
> Due to dependencies, you can never load the policy 'first'.
Just to make this a little bit more explicit for others following along,
we can't due this because loading the policy requires that the policy be
installed on disk as well as things like load_policy being on disk.
That depends on having libc, etc in the chroot as well. So ignoring
questions of taste, you'd still have the chicken and egg problem.
But as far as taste as concerned, hacking up every single thing that
ever creates a chroot feels wrong, wrong, wrong, wrong, wrong.
Especially because it's not little hacks, it's a big hack involving
creating a new micro-transaction with only a subset of the packages. It
also becomes "interesting" when you start to think about update
operations within a chroot.
Jeremy
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]