On Wed, 16 Apr 2008, Bill Nottingham wrote: > James Morris (jmorris@xxxxxxxxx) said: > > > * All the parties are here now needed to figure this out > > > * Someone better than me is going to reply with specifics about what is > > > not working in the buildsys > > > * We all agree it's pretty important to get this figured out in a good > > > way > > > > Can you please explain specifically what the problem is? > > You cannot create files in a chroot of a context not known by the > host policy. This means that if your host is running RHEL 5, you are > unable to compose any trees/images/livecds with SELinux enabled for > later releases. Ok, that's what I suspected. One of the possible plans for this is to allow a process to run in a separate policy namespace, and probably also utilize namespace support in general. This is non-trivial and needs more analysis. - James -- James Morris <jmorris@xxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
