
Re: selinux breaks revisor



Simo Sorce wrote:
On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote:
On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta gmail com> wrote:
SELinux when interacting with any chroot-like apparatus is still a
problem.  Perhaps it's time to take stock of all the packages that rely
on chroot-like behavior which are similarly affected by SELinux, so
that a common technical solution can be found and applied.
+1

This is just a bug between SELinux and any chrooting program.  It is
not a reason to fetch torches and pitchforks or to complain that
SELinux sucks, or any of that nonsense. Fixing the interaction between
SELinux and chroot is one of those things that can only get better the
more real world usage SELinux sees.

It seems to me that SELinux can provide for the same (or better)
"features" of chroot without actually requiring a chrooted environment.
So shouldn't we simply provide targeted policies and not use chroot for
known services?

That wouldn't work. You shouldn't rely on SELinux but only take advantage of it if it is enabled.

Rahul

