On Sun, 2005-01-09 at 19:51 -0800, Bob Kashani wrote:

> I'm actually playing around with UML as well. :) The only issue with
> virtualization is that you end up taking a performance hit but on the
> other hand it does make life easier.

Right. By the way, I think Xen is in rawhide now, so that could be worth checking out.

> I'll try your patches. But I did figure out a simple workaround. (not
> mounting /selinux in the chroot). It seems that if you don't
> mount /selinux in the chroot then load_policy doesn't try to install the
> policy in the chroot into the running kernel. I have no idea why that is
> the case.

Well, loading the policy will fail since load_policy just writes data to /selinux/load. I'm surprised that doesn't turn into a postinst error. Anyways, I suspect that you don't want other tools inside the chroot to think SELinux is enabled, so the patches should help there. But I haven't tested this, so there may be something I'm missing.

> But everything seems to work without mounting /selinux so...in
> fact it seems that I don't even need /sys either.

Lacking /sys will almost certainly cause problems.

> I just tried mounting
> only /proc (which is what I was doing in the first place) with
> selinux-policy-targeted-1.17.30-2.68 and everything works!!! :) I did do a
> 'touch /.autorelabel' as specified in the FAQ which seems to have helped
> with a few other things as well.

What is it specifically that you are doing with the chroot? Building RPMs?
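
Whether a chroot exposes /selinux (and /proc, /sys), as discussed in the message above, can be checked from the host's mount table. The following is an added example, not part of the original thread; the chroot paths and the sample mounts table are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). The chroot paths and mounts table
# are constructed sample data in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed table: one chroot with /proc, /sys and /selinux mounted,
# and one chroot with only /proc mounted.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/proc /proc proc rw 0 0
/sys /sys sysfs rw 0 0
none /selinux selinuxfs rw 0 0
none /var/chroot/build/proc proc rw 0 0
none /var/chroot/build/sys sysfs rw 0 0
none /var/chroot/build/selinux selinuxfs rw 0 0
none /var/chroot/clean/proc proc rw 0 0
EOF
}

# chroot_mounts MOUNTS_FILE CHROOT_DIR
# Prints "<fstype> <mountpoint>" for every proc, sysfs or selinuxfs mount
# at or below CHROOT_DIR. Matching on "CHROOT_DIR/" keeps a sibling such as
# /var/chroot/build2 from being counted as part of /var/chroot/build.
# Mount points containing spaces (octal-escaped in /proc/mounts) are not handled.
chroot_mounts() {
    mounts_file=$1
    root=${2%/}   # drop a trailing slash so the prefix test is uniform
    awk -v root="$root" '
        $3 == "proc" || $3 == "sysfs" || $3 == "selinuxfs" {
            if ($2 == root || index($2, root "/") == 1) print $3, $2
        }' "$mounts_file"
}

# selinuxfs_in_chroot MOUNTS_FILE CHROOT_DIR
# Succeeds (exit 0) when selinuxfs is mounted inside the chroot, i.e. when
# processes in the chroot can reach /selinux/load and see SELinux as enabled.
selinuxfs_in_chroot() {
    chroot_mounts "$1" "$2" | grep -q '^selinuxfs '
}
```

On a live host, pass `/proc/mounts` as the first argument and the chroot directory as the second.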