[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux breaks revisor



On Tue, 2008-01-22 at 16:23 -0600, Michael E Brown wrote:
> On Tue, Jan 22, 2008 at 01:04:26PM -0500, Simo Sorce wrote:
> > 
> > On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote:
> > > On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta gmail com> wrote:
> > > > Selinux when interacting with any chroot-like apparatus is still a
> > > > problem.  Perhaps its time to take stock of all the packages that rely
> > > > on chroot-like behavior which are similarly affected by selinux, so
> > > > that a common technical solution can be found and applied.
> > > 
> > > +1
> > > 
> > > This is just a bug between SELinux and any chrooting program.  It is
> > > not a reason to fetch torches and pitchforks or to complain that
> > > SELinux sucks, or any of that nonsense. Fixing the interaction between
> > > SELinux and chroot is one of those things that can only get better the
> > > more real world usage SELinux sees.
> > 
> > It seem to me that SELinux can provide for the same (or better)
> > "features" of chroot without actually requiring a chrooted environment.
> > So shouldn't we simply provide targeted policies and not use chroot for
> > known services ?
> 
> You miss the point.
> 
> Things like pungi, mock, livecd-creator... Their whole existence in life
> relies heavily on creating a chroot to do their business.
> 
> This is not a problem we can just say "dont do that", it needs to be
> fixed, as mentioned by other posters.

And you come in late :-)
Already apologized in another mail.

Simo.

-- 
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]