selinux breaks revisor

James Morris jmorris at namei.org
Thu Jan 24 23:17:05 UTC 2008


On Thu, 24 Jan 2008, Daniel P. Berrange wrote:

> > Something to consider perhaps is the use of lguest, which is currently 
> > i386 only, but does boot up nearly instantaneously, and can be scripted, 
> > as its console is the launching shell.
> > 
> > Is there an efficient technique for mounting a disk image so that changes 
> > made to it are discarded?
> 
> Sure, just create an LVM writable snapshot of your master image, and boot
> with that instead, and throw away the snapshot when you're done.

Cool.  So if there was an RPM package which contained a barebones Fedora 
image and some management scripts, I don't imagine it would be too 
difficult to do things like build RPMs inside that with e.g. different 
SELinux policies to the host.  Any supporting RPMs required inside the 
guest could be installed via a script either from host media or over the 
net, then the final RPM (or whatever is being created) could be copied 
back out to the host before discarding the guest instance.

It would not be as fast or simple as chroot, but I suspect it would work 
pretty well, especially if the guest dispenses with all non-essential 
startup.


- James
-- 
James Morris
<jmorris at namei.org>



