[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux breaks revisor



On Tue, 22 Jan 2008 13:04:26 -0500
Simo Sorce <ssorce redhat com> wrote:

> It seem to me that SELinux can provide for the same (or better)
> "features" of chroot without actually requiring a chrooted
> environment. So shouldn't we simply provide targeted policies and not
> use chroot for known services ?

That's not the point of many chroot usages.  Frequently chroots are
used to gain access to content from a different release or arch than
what you have installed.  EG we use RHEL5 to create chroots of f9 and
build packages within that chroot using F9 content.  Likewise we do a
pure i386 package set on x86_64 to accomplish our i386 build.  These
types of usages cannot be easily replaced with an selinux policy.

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]