[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [RFC] Livecd-creator and selinux, we can play nice

From: Bill Nottingham <notting redhat com>
To: Daniel J Walsh <dwalsh redhat com>
Cc: fedora-livecd-list redhat com, fedora-selinux-list redhat com
Subject: Re: [RFC] Livecd-creator and selinux, we can play nice
Date: Thu, 29 May 2008 11:01:17 -0400

Daniel J Walsh (dwalsh redhat com) said: 
> Well I think we need to do a couple of these to figure out the common
> requirements.
> 
> I envision mock to be quite different then livecd.  I think we need to
> full the mock chroot to think SELinux is disabled and to do no labeling
> in the chroot.  This would allow us to confine the mock process to be
> able to write to the chroot and label the chroot mock_rw_t.  We could
> then use SELinux to prevent mock environments from breaking out of the
> chroot, and stop mock environments from doing evil network things within
> the chroot.
> 
> In livecd we need to be able to put down labels that the host machine
> does not understand.

The problem is that mock can be used to do non-build things. (For example,
creating the anaconda install images.)

Bill

References:
- [RFC] Livecd-creator and selinux, we can play nice
  - From: Eric Paris
- Re: [RFC] Livecd-creator and selinux, we can play nice
  - From: Bill Nottingham
- Re: [RFC] Livecd-creator and selinux, we can play nice
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]