[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFC] Livecd-creator and selinux, we can play nice



Eric Paris (eparis redhat com) said: 
> So I've spent a fair bit of time the last 2 weeks trying to get
> livecd-creator and an selinux enforcing machine to play nicely together.
> It doesn't look like much, but from the point of view of the livecd
> creator I think the following patch is all we need.  Working with
> rawhide as the host system I was able to build F8, F9 and rawhide
> livecd's with an enforcing machine.
> 
> I wouldn't suggest jumping into enfocing builds just yet as there are
> still some policy issues I need to work out with the selinux people but
> I would like comments.  Basically its quite simple, if selinux is on the
> host we create a fake /selinux which tells the install chroot lies.
> I've had to make some changes to some selinux libraries to support all
> this, but I think we are just about there.
> 
> I'll probably backport some of the kernel changes to F9 after they are
> all tested and better settled but for now I'd like input on my livecd
> changes....

My concern is this is a normal occurence (needing a chroot) that you're
only patching in one place. Do we code this same logic into mock? Into
pungi? Into yum --installroot? Into the documentation for admins on
how to set up a chroot?

(Also, for general use, we need this in a RHEL 5 kernel. Fun!)

Bill


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]