[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora buildsys and SELinux



James Morris (jmorris namei org) said: 
> > You cannot create files in a chroot of a context not known by the
> > host policy. This means that if your host is running RHEL 5, you are
> > unable to compose any trees/images/livecds with SELinux enabled for
> > later releases.
> 
> Ok, that's what I suspected.
> 
> One of the possible plans for this is to allow a process to run in a 
> separate policy namespace, and probably also utilize namespace support in 
> general.
> 
> This is non-trivial and needs more analysis.

Incidentally, this is also one of the blockers for policy-in-packages,
rather than a monolithic one.

Bill


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]