[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: selinux breaks revisor
- From: Simo Sorce <ssorce redhat com>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: selinux breaks revisor
- Date: Tue, 22 Jan 2008 13:04:26 -0500
On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote:
> On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta gmail com> wrote:
> > Selinux when interacting with any chroot-like apparatus is still a
> > problem. Perhaps its time to take stock of all the packages that rely
> > on chroot-like behavior which are similarly affected by selinux, so
> > that a common technical solution can be found and applied.
>
> +1
>
> This is just a bug between SELinux and any chrooting program. It is
> not a reason to fetch torches and pitchforks or to complain that
> SELinux sucks, or any of that nonsense. Fixing the interaction between
> SELinux and chroot is one of those things that can only get better the
> more real world usage SELinux sees.
It seem to me that SELinux can provide for the same (or better)
"features" of chroot without actually requiring a chrooted environment.
So shouldn't we simply provide targeted policies and not use chroot for
known services ?
Simo.
--
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]