On Thu, 03 Jan 2008 17:07:33 -0500 Daniel J Walsh <dwalsh redhat com> wrote: > Jesse, what problems are you seeing that needs to run in permissive > mode? I know about the chroot environments and there is not a good > answer to this. Placing of the file context down without loading the > SELInux policy would help in this environment. But we would still > have problems with applications running in post install, not getting > the correct context. What I've seen is if selinux is in enforcing part of the compose process will fail in such a way that selinux will default to /off/ for the resulting composed media (funny eh?). I think it had something to do with a denial, but the memory is hazy. But since most of my composing involves A) mock for the initial compose environment (that's one chroot) and B) buildinstall itself creating an install root to populate stage1/2 contents (that's two chroots) I kind of feel I'm out in left field. -- Jesse Keating Fedora -- All my bits are free, are yours?
Description: PGP signature