selinux breaks revisor
Valent Turkovic
valent.turkovic at gmail.com
Tue Jan 22 15:42:00 UTC 2008
2008/1/22 Jesse Keating <jkeating at redhat.com>:
> On Tue, 22 Jan 2008 13:29:03 +0100
> "Valent Turkovic" <valent.turkovic at gmail.com> wrote:
>
> > I tested revisor and wanted to make an up to date version of Fedora 8
> > Live CD - but selinux put a stop to that.
>
> Selinux is not going to work at all for things like revisor (and
> pungi/livecd-creator). Both make use of chroots to install packages
> into, and in certain cases you can wind up causing lots of harm to your
> host system (installing a new policy in the chroot will actually cause
> that policy to activate on the running kernel and then you have policy
> that doesn't match labels, watch the fun!).
>
> It is strongly recommended that you disable SELinux or at least put it
> in permissive if you're going to be doing composes.
Is there a was to make selinux aware of that or atleast put a
notification window saying that you need to disable selinux in order
to use revisor?
One more issue for removing selinux as I said in an earlier thread :)
Selinux breaks features by desing and in a bad way, and I as a user
see more trouble from selinux than it is worth (just MHO).
Valent.
--
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic
More information about the fedora-devel-list
mailing list