Bob Kashani wrote:
When I install the selinux-policy-targeted rpm in a chroot it seems that
load_policy is executed and loads the policy that's installed in the
chroot into the running kernel (I'm assuming via %post). Should
installing the selinux-policy-targeted rpm in a chroot allow this to
happen? What if you're installing a policy into the chroot that's
different than the one you have installed on your system? Is there a way
to not allow load_policy to execute in a chroot?
Here are the AVC messages I'm getting:
Jan 8 21:38:23 chaucer kernel: audit(1105249103.605:0): avc: granted { load_policy } for pid=4233 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Jan 8 21:38:23 chaucer kernel: security: 3 users, 4 roles, 316 types, 20 bools
Jan 8 21:38:23 chaucer kernel: security: 53 classes, 7962 rules
Bob
rpm --noscripts
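One way to put the `rpm --noscripts` answer into practice, added here as an example and not code from the thread or from the rpm or selinux-policy packages: dump the package's scriptlets with `rpm -qp --scripts`, flag any scriptlet that mentions load_policy, and only then install into the chroot with `rpm --root ... --noscripts` so the %post cannot load the chroot's policy into the host kernel. The chroot path and package path in the usage line are illustrative, and SAMPLE_SCRIPTS is a constructed text in the shape of `rpm -qp --scripts` output, not a dump of the real selinux-policy-targeted package.

```shell
#!/bin/sh
# Added example, not from the thread. Scans the scriptlets of an rpm before it
# is installed into a chroot and, if any of them would run load_policy, installs
# with --noscripts so the %post cannot load the chroot's policy into the host
# kernel. Assumed names: the chroot path and package path used below are
# illustrative; SAMPLE_SCRIPTS is constructed, not a dump of the real
# selinux-policy-targeted package.

# Dump every scriptlet of an rpm file (needs the rpm binary).
list_scriptlets() {
    rpm -qp --scripts "$1"
}

# Read `rpm -qp --scripts` output on stdin and print the name of each scriptlet
# (preinstall, postinstall, ...) that mentions load_policy, one per line.
# Exit status 0 if at least one such scriptlet exists, 1 if none does.
scriptlets_calling_load_policy() {
    awk '
        /^[a-z]+ scriptlet/ { cur = $1; next }      # header line names the scriptlet
        cur != "" && /load_policy/ { hits[cur] = 1 }
        END { n = 0; for (s in hits) { print s; n++ }; exit (n ? 0 : 1) }
    '
}

# Install a package into the chroot at $1, skipping all scriptlets when one of
# them would call load_policy. Returns rpm's exit status.
install_into_chroot() {
    root=$1
    pkg=$2
    if list_scriptlets "$pkg" | scriptlets_calling_load_policy >/dev/null; then
        echo "$pkg: a scriptlet calls load_policy, installing with --noscripts" >&2
        rpm --root "$root" --noscripts -Uvh "$pkg"
    else
        rpm --root "$root" -Uvh "$pkg"
    fi
}

# Constructed sample in the shape of `rpm -qp --scripts` output, so the scanner
# can be exercised without a package or the rpm binary at hand.
SAMPLE_SCRIPTS='preinstall scriptlet (using /bin/sh):
[ -d /etc/selinux ] || mkdir -p /etc/selinux
postinstall scriptlet (using /bin/sh):
if [ -x /usr/sbin/load_policy ]; then
    /usr/sbin/load_policy /etc/selinux/targeted/policy/policy.18
fi
postuninstall scriptlet (using /bin/sh):
rm -f /etc/selinux/targeted/policy/policy.18'

# Run the scanner on the sample; only the postinstall scriptlet is reported.
printf '%s\n' "$SAMPLE_SCRIPTS" | scriptlets_calling_load_policy

# Real use (requires rpm and an existing chroot), for example:
#   install_into_chroot /srv/chroot /path/to/selinux-policy-targeted.rpm
```

Note that `--noscripts` skips every scriptlet of the package, not just the one that runs load_policy, so whatever else the %pre/%post would have done inside the chroot has to be done by hand afterwards; `--root` keeps both the files and the rpm database inside the chroot.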