[RFC] Livecd-creator and selinux, we can play nice

Bill Nottingham notting at redhat.com
Wed May 28 20:04:43 UTC 2008


Eric Paris (eparis at redhat.com) said: 
> So I've spent a fair bit of time the last 2 weeks trying to get
> livecd-creator and an selinux enforcing machine to play nicely together.
> It doesn't look like much, but from the point of view of the livecd
> creator I think the following patch is all we need.  Working with
> rawhide as the host system I was able to build F8, F9 and rawhide
> livecds with an enforcing machine.
> 
> I wouldn't suggest jumping into enforcing builds just yet as there are
> still some policy issues I need to work out with the selinux people but
> I would like comments.  Basically it's quite simple, if selinux is on the
> host we create a fake /selinux which tells the install chroot lies.
> I've had to make some changes to some selinux libraries to support all
> this, but I think we are just about there.
> 
> I'll probably backport some of the kernel changes to F9 after they are
> all tested and better settled but for now I'd like input on my livecd
> changes....

My concern is this is a normal occurrence (needing a chroot) that you're
only patching in one place. Do we code this same logic into mock? Into
pungi? Into yum --installroot? Into the documentation for admins on
how to set up a chroot?

(Also, for general use, we need this in a RHEL 5 kernel. Fun!)

Bill
