>> the challenges we have with SELinux in the Fedora build system.

> Can you please explain specifically what the problem is?

One of the problems is that the result of a pungi compose that is performed with SELinux enforcing does not install SELinux enabled by default, because [a chain of events] the DVD/CD does not contain the policy file, partly because under enforcing you cannot create a virtualized /dev/null that has the right context.

http://bugzilla.redhat.com/show_bug.cgi?id=343861
http://bugzilla.redhat.com/show_bug.cgi?id=343851

The workaround is "setenforce 0" during the pungi compose.

In general, it looks to me like SELinux itself cannot be virtualized. [I really didn't expect it, but nevertheless I cannot find it.] This means that any time you want to "fake it", then you must turn off enforcing, or create a full virtualized OS instance that has enforcing off.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list