[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [RFC] Livecd-creator and selinux, we can play nice
- From: Bill Nottingham <notting redhat com>
- To: Eric Paris <eparis redhat com>
- Cc: fedora-livecd-list redhat com, fedora-selinux-list redhat com
- Subject: Re: [RFC] Livecd-creator and selinux, we can play nice
- Date: Wed, 28 May 2008 16:04:43 -0400
Eric Paris (eparis redhat com) said:
> So I've spent a fair bit of time the last 2 weeks trying to get
> livecd-creator and an selinux enforcing machine to play nicely together.
> It doesn't look like much, but from the point of view of the livecd
> creator I think the following patch is all we need. Working with
> rawhide as the host system I was able to build F8, F9 and rawhide
> livecd's with an enforcing machine.
>
> I wouldn't suggest jumping into enfocing builds just yet as there are
> still some policy issues I need to work out with the selinux people but
> I would like comments. Basically its quite simple, if selinux is on the
> host we create a fake /selinux which tells the install chroot lies.
> I've had to make some changes to some selinux libraries to support all
> this, but I think we are just about there.
>
> I'll probably backport some of the kernel changes to F9 after they are
> all tested and better settled but for now I'd like input on my livecd
> changes....
My concern is this is a normal occurence (needing a chroot) that you're
only patching in one place. Do we code this same logic into mock? Into
pungi? Into yum --installroot? Into the documentation for admins on
how to set up a chroot?
(Also, for general use, we need this in a RHEL 5 kernel. Fun!)
Bill
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]