On Thu, 2008-04-17 at 10:43 +1000, James Morris wrote: > On Wed, 16 Apr 2008, Bill Nottingham wrote: > > > James Morris (jmorris@xxxxxxxxx) said: > > > > * All the parties are here now needed to figure this out > > > > * Someone better than me is going to reply with specifics about what is > > > > not working in the buildsys > > > > * We all agree it's pretty important to get this figured out in a good > > > > way > > > > > > Can you please explain specifically what the problem is? > > > > You cannot create files in a chroot of a context not known by the > > host policy. This means that if your host is running RHEL 5, you are > > unable to compose any trees/images/livecds with SELinux enabled for > > later releases. > > Ok, that's what I suspected. > > One of the possible plans for this is to allow a process to run in a > separate policy namespace, and probably also utilize namespace support in > general. > > This is non-trivial and needs more analysis. Thanks. When we get to the point of needing to justify resource allocation on the Red Hat side, I'm here to present the "Fedora leadership request", if needed. Otherwise, not sure if this is going to be important enough to the intersecting sets of Fedoran and SELinux hacker who are not part of the @redhat.com set. - Karsten -- Karsten Wade, Sr. Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
