selinux breaks revisor

Jesse Keating jkeating at redhat.com
Tue Jan 22 18:14:54 UTC 2008


On Tue, 22 Jan 2008 13:04:26 -0500
Simo Sorce <ssorce at redhat.com> wrote:

> It seems to me that SELinux can provide for the same (or better)
> "features" of chroot without actually requiring a chrooted
> environment. So shouldn't we simply provide targeted policies and not
> use chroot for known services?

That's not the point of many chroot usages.  Frequently chroots are
used to gain access to content from a different release or arch than
what you have installed.  E.g. we use RHEL5 to create chroots of f9 and
build packages within that chroot using F9 content.  Likewise we do a
pure i386 package set on x86_64 to accomplish our i386 build.  These
types of usages cannot be easily replaced with an SELinux policy.

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?