Mike Cloaked wrote: > > By the way there was one other thing I did to make sure that selinux > should work when I made the bind mount to the changed chroot area: > > > Mike Cloaked wrote: >> >> >> 1) I wanted to have the files in the /opt partition so as not to use up >> the limited space in the root partition so I did this, but it is not >> essential. >> Changed the directory where the mock files are going to be on the /opt >> partition >> As root: >> mkdir /opt/Local/mock >> >> > > Now make an equivalence of the security contexts for this new area to be > the same as the original by > semanage fcontext -a -e /var/lib/mock /opt/Local/mock > Then > restorecon /opt/Local/mock should give the same contexts as /var/lib/mock > and this can be checked using > ll -Z /opt/Local/mock > ll -Z /var/lib/mock > > Check the mock directory has the correct permissions > ll -Zd /opt/Local/mock > drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /opt/Local/mock > ll -Zd /var/lib/mock > drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /var/lib/mock > > Then the recipe is as I gave in the previous post. > > I ran the build with selinux enforcing and it seems to have worked just > fine - at least no AVCs popped up! > > I just tried a test install with the iso that the procedure generated - it installed just fine - BUT it does not seem to have pulled in the latest updates and seems pretty much the same as the original - so I must have missed a step somewhere - I had not done a build since F10 and I don't know where I missed a trick in my notes! Possibly the pungi build command needs a parameter somewhere? -- View this message in context: http://www.nabble.com/kickstart----refreshing-rpm%27s.-tp25811684p25862738.html Sent from the Fedora List mailing list archive at Nabble.com. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
