query: mock + libselinux-mock.so LD_PRELOAD... why?
Michael E Brown
Michael_E_Brown at dell.com
Thu Jan 3 22:44:57 UTC 2008
On Thu, Jan 03, 2008 at 03:41:02PM +0000, Paul Howarth wrote:
> Michael E Brown wrote:
> >This is odd. I ran a full unit test until I didnt see this message at
> >all. Might be having git sync issues with our public mirror, I'll check.
>
> I don't think this stuff is necessary any more. Since selinux-policy
> 3.0.8-67 in Fedora 8, /usr/bin/mock is labelled
> unconfined_notrans_exec_t. So mock doesn't transition into other domains
> and it doesn't matter that rpm labels files in the chroot with context
> types that would normally cause the problematic transitions (into
> useradd_t, ldconfig_t etc.). The result is nice, clean, denial-free
> builds with SELinux in enforcing mode.
>
> This fix also renders the mock policy module as described on the wiki
> (the MockTricks page) largely redundant. The only exception case I can
> see is if some task needing to run as part of a build requires execheap
> permission, which might happen for some mono/java-based packages but I
> don't know of any problem packages right now. That bridge can no doubt
> be crossed when someone comes tp it.
>
> Not sure if this fix has been applied in F-7 or if it will ever make it
> into RHEL/CentOS though.
Well this is good news. Thanks.
--
Michael
More information about the Fedora-buildsys-list
mailing list