On Mon, 2008-05-12 at 11:26 -0400, Bill Nottingham wrote: > Eric Paris (eparis@xxxxxxxxxx) said: > > same problem. Wonder how people would feel about really hacking up the > > buildroot creator to force install selinux stuff first and then run the > > full install transaction set.... > > Due to dependencies, you can never load the policy 'first'. Just to make this a little bit more explicit for others following along, we can't due this because loading the policy requires that the policy be installed on disk as well as things like load_policy being on disk. That depends on having libc, etc in the chroot as well. So ignoring questions of taste, you'd still have the chicken and egg problem. But as far as taste as concerned, hacking up every single thing that ever creates a chroot feels wrong, wrong, wrong, wrong, wrong. Especially because it's not little hacks, it's a big hack involving creating a new micro-transaction with only a subset of the packages. It also becomes "interesting" when you start to think about update operations within a chroot. Jeremy -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list