On Tue, 2008-01-22 at 16:23 -0600, Michael E Brown wrote: > On Tue, Jan 22, 2008 at 01:04:26PM -0500, Simo Sorce wrote: > > > > On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote: > > > On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta@xxxxxxxxx> wrote: > > > > Selinux when interacting with any chroot-like apparatus is still a > > > > problem. Perhaps its time to take stock of all the packages that rely > > > > on chroot-like behavior which are similarly affected by selinux, so > > > > that a common technical solution can be found and applied. > > > > > > +1 > > > > > > This is just a bug between SELinux and any chrooting program. It is > > > not a reason to fetch torches and pitchforks or to complain that > > > SELinux sucks, or any of that nonsense. Fixing the interaction between > > > SELinux and chroot is one of those things that can only get better the > > > more real world usage SELinux sees. > > > > It seem to me that SELinux can provide for the same (or better) > > "features" of chroot without actually requiring a chrooted environment. > > So shouldn't we simply provide targeted policies and not use chroot for > > known services ? > > You miss the point. > > Things like pungi, mock, livecd-creator... Their whole existence in life > relies heavily on creating a chroot to do their business. > > This is not a problem we can just say "dont do that", it needs to be > fixed, as mentioned by other posters. And you come in late :-) Already apologized in another mail. Simo. -- | Simo S Sorce | | Sr.Soft.Eng. | | Red Hat, Inc | | New York, NY | -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
