James Morris (jmorris@xxxxxxxxx) said:
> > You cannot create files in a chroot of a context not known by the
> > host policy. This means that if your host is running RHEL 5, you are
> > unable to compose any trees/images/livecds with SELinux enabled for
> > later releases.
>
> Ok, that's what I suspected.
>
> One of the possible plans for this is to allow a process to run in a
> separate policy namespace, and probably also utilize namespace support in
> general.
>
> This is non-trivial and needs more analysis.

Incidentally, this is also one of the blockers for policy-in-packages,
rather than a monolithic one.

Bill