On Tue, 22 Jan 2008 13:04:26 -0500 Simo Sorce <ssorce redhat com> wrote: > It seem to me that SELinux can provide for the same (or better) > "features" of chroot without actually requiring a chrooted > environment. So shouldn't we simply provide targeted policies and not > use chroot for known services ? That's not the point of many chroot usages. Frequently chroots are used to gain access to content from a different release or arch than what you have installed. EG we use RHEL5 to create chroots of f9 and build packages within that chroot using F9 content. Likewise we do a pure i386 package set on x86_64 to accomplish our i386 build. These types of usages cannot be easily replaced with an selinux policy. -- Jesse Keating Fedora -- All my bits are free, are yours?
Description: PGP signature