Daniel J Walsh (dwalsh@xxxxxxxxxx) said: > Well I think we need to do a couple of these to figure out the common > requirements. > > I envision mock to be quite different then livecd. I think we need to > full the mock chroot to think SELinux is disabled and to do no labeling > in the chroot. This would allow us to confine the mock process to be > able to write to the chroot and label the chroot mock_rw_t. We could > then use SELinux to prevent mock environments from breaking out of the > chroot, and stop mock environments from doing evil network things within > the chroot. > > In livecd we need to be able to put down labels that the host machine > does not understand. The problem is that mock can be used to do non-build things. (For example, creating the anaconda install images.) Bill -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
