[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora buildsys and SELinux



>> the challenges we have with SELinux in the Fedora build system.

> Can you please explain specifically what the problem is?

One of the problems is that the result of a pungi compose that is performed
with SELinux enforcing, does not install SELinux enabled by default,
because [a chain of events] the DVD/CD does not contain the policy file,
partly because under enforcing you cannot create a virtualized /dev/null
that has the right context.
   http://bugzilla.redhat.com/show_bug.cgi?id=343861
   http://bugzilla.redhat.com/show_bug.cgi?id=343851
The workaround is "setenforce 0" during the pungi compose.

In general, it looks to me like SELinux itself cannot be virtualized.
[I really didn't expect it, but nevertheless I cannot find it.]
This means that any time you want to "fake it", then you must
turn off enforcing, or create a full virtualized OS instance
that has enforcing off.

-- 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]