Re: selinux breaks revisor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 22, 2008 at 01:04:26PM -0500, Simo Sorce wrote:
> 
> On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote:
> > On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta@xxxxxxxxx> wrote:
> > > Selinux when interacting with any chroot-like apparatus is still a
> > > problem.  Perhaps its time to take stock of all the packages that rely
> > > on chroot-like behavior which are similarly affected by selinux, so
> > > that a common technical solution can be found and applied.
> > 
> > +1
> > 
> > This is just a bug between SELinux and any chrooting program.  It is
> > not a reason to fetch torches and pitchforks or to complain that
> > SELinux sucks, or any of that nonsense. Fixing the interaction between
> > SELinux and chroot is one of those things that can only get better the
> > more real world usage SELinux sees.
> 
> It seem to me that SELinux can provide for the same (or better)
> "features" of chroot without actually requiring a chrooted environment.
> So shouldn't we simply provide targeted policies and not use chroot for
> known services ?

You miss the point.

Things like pungi, mock, livecd-creator... Their whole existence in life
relies heavily on creating a chroot to do their business.

This is not a problem we can just say "dont do that", it needs to be
fixed, as mentioned by other posters.
--
Michael

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux