Is it possible to create new context types in a loadable module?

Here's why I ask: I'm trying to use mock to build packages on FC5 targeted at older distributions, like Red Hat 8 for instance (more on mock at http://fedoraproject.org/wiki/Legacy/Mock and http://fedoraproject.org/wiki/Projects/Mock). What mock basically does is to create a chroot with a build environment for the target distribution and run a regular rpm build within that chroot, pulling in the other distro's binaries, shared libraries, etc.

Mock's approach to SELinux is simple: it loads a dummy libselinux that effectively turns it off. However, with FC5, this no longer seems to be enough. The memory tests don't like loading ancient DSOs that don't have separate stack segments and so some builds fail with execmod errors.

I tried using semanage to set the default context for .so.* files under the chroot to textrel_shlib_t but although restorecon targeted those files properly, the contexts weren't set properly within the chrooted build (would I have to remove the chroot prefix in the semanage call to get that to work? it's not something I want to do as I'll get the wrong contexts on files in the host system that way).

So, my idea was to define everything under my chroot as a new type, mock_root_t, and then have a module like this:

    module mock 0.2;

    require {
        class file execmod;
        type unconfined_t;
        type mock_root_t;
    };

    allow unconfined_t mock_root_t:file execmod;

However, I can't load this module using semodule because mock_root_t doesn't exist. So is there a way of defining a new type in a module?

Paul.
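The following is an added example, not part of the original post or of mock itself: a variant of the module above in which mock_root_t is declared by the module instead of being listed in the require block, which is how the policy module language introduces a new type. It assumes the loaded base policy exports the file_type attribute (as the reference policy does); the chroot path in the comments is a placeholder.

```te
# mock.te (added example): the module declares mock_root_t itself.
#
# Anything inside require { } must already exist in the loaded policy.
# Anything declared outside it is created by this module when it is loaded.

module mock 0.2;

require {
    class file execmod;
    type unconfined_t;
    # Assumption: the base policy defines and exports file_type.
    attribute file_type;
}

# New type, defined here. Giving it the file_type attribute lets it be
# used as a file label under the base policy's generic file rules
# (for example, association with the filesystem it lives on).
type mock_root_t, file_type;

# The one relaxation wanted: text relocations in old DSOs, limited to
# files labelled mock_root_t rather than to every file on the host.
allow unconfined_t mock_root_t:file execmod;

# Build and load:
#   checkmodule -M -m -o mock.mod mock.te
#   semodule_package -o mock.pp -m mock.mod
#   semodule -i mock.pp
#
# Label the chroot once the type exists (placeholder path):
#   chcon -R -t mock_root_t /path/to/mock/chroot
```

Because the allow rule names only mock_root_t, execmod stays denied for files carrying any other label, so host libraries keep their normal protection.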