Eric Paris (eparis@xxxxxxxxxx) said: > So I've spent a fair bit of time the last 2 weeks trying to get > livecd-creator and an selinux enforcing machine to play nicely together. > It doesn't look like much, but from the point of view of the livecd > creator I think the following patch is all we need. Working with > rawhide as the host system I was able to build F8, F9 and rawhide > livecd's with an enforcing machine. > > I wouldn't suggest jumping into enfocing builds just yet as there are > still some policy issues I need to work out with the selinux people but > I would like comments. Basically its quite simple, if selinux is on the > host we create a fake /selinux which tells the install chroot lies. > I've had to make some changes to some selinux libraries to support all > this, but I think we are just about there. > > I'll probably backport some of the kernel changes to F9 after they are > all tested and better settled but for now I'd like input on my livecd > changes.... My concern is this is a normal occurence (needing a chroot) that you're only patching in one place. Do we code this same logic into mock? Into pungi? Into yum --installroot? Into the documentation for admins on how to set up a chroot? (Also, for general use, we need this in a RHEL 5 kernel. Fun!) Bill -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
