Re: [RFC] Livecd-creator and selinux, we can play nice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Paris (eparis@xxxxxxxxxx) said: 
> So I've spent a fair bit of time the last 2 weeks trying to get
> livecd-creator and an selinux enforcing machine to play nicely together.
> It doesn't look like much, but from the point of view of the livecd
> creator I think the following patch is all we need.  Working with
> rawhide as the host system I was able to build F8, F9 and rawhide
> livecd's with an enforcing machine.
> 
> I wouldn't suggest jumping into enfocing builds just yet as there are
> still some policy issues I need to work out with the selinux people but
> I would like comments.  Basically its quite simple, if selinux is on the
> host we create a fake /selinux which tells the install chroot lies.
> I've had to make some changes to some selinux libraries to support all
> this, but I think we are just about there.
> 
> I'll probably backport some of the kernel changes to F9 after they are
> all tested and better settled but for now I'd like input on my livecd
> changes....

My concern is this is a normal occurence (needing a chroot) that you're
only patching in one place. Do we code this same logic into mock? Into
pungi? Into yum --installroot? Into the documentation for admins on
how to set up a chroot?

(Also, for general use, we need this in a RHEL 5 kernel. Fun!)

Bill

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux