load_policy in chroot question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

When I install the selinux-policy-targeted rpm in a chroot it seems that
load_policy is executed and loads the policy that's installed in the
chroot into the running kernel (I'm assuming via %post). Should
installing the selinux-policy-targeted rpm in a chroot allow this to
happen? What if you're installing a policy into the chroot that's
different than the one you have installed on your system? Is there a way
to not allow load_policy to execute in a chroot?

Here is the AVC messages I'm getting:

Jan  8 21:38:23 chaucer kernel: audit(1105249103.605:0): avc:  granted
{ load_policy } for  pid=4233 exe=/usr/sbin/load_policy
scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
Jan  8 21:38:23 chaucer kernel: security:  3 users, 4 roles, 316 types,
20 bools
Jan  8 21:38:23 chaucer kernel: security:  53 classes, 7962 rules

Bob

-- 
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux