On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote: > On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta@xxxxxxxxx> wrote: > > Selinux when interacting with any chroot-like apparatus is still a > > problem. Perhaps its time to take stock of all the packages that rely > > on chroot-like behavior which are similarly affected by selinux, so > > that a common technical solution can be found and applied. > > +1 > > This is just a bug between SELinux and any chrooting program. It is > not a reason to fetch torches and pitchforks or to complain that > SELinux sucks, or any of that nonsense. Fixing the interaction between > SELinux and chroot is one of those things that can only get better the > more real world usage SELinux sees. It seem to me that SELinux can provide for the same (or better) "features" of chroot without actually requiring a chrooted environment. So shouldn't we simply provide targeted policies and not use chroot for known services ? Simo. -- | Simo S Sorce | | Sr.Soft.Eng. | | Red Hat, Inc | | New York, NY | -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
