SELinux in mock

Jesse Keating jkeating at redhat.com
Wed Jan 14 05:26:33 UTC 2009


On Tue, 2009-01-13 at 22:08 -0700, Jerry James wrote:
> 
> 
> How is that supposed to work?  This is blocking the GCL build, which
> has to change dumped images to type gcl_exec_t when SELinux is active
> (checked with selinuxenabled).  If the policy is not managed or the
> store cannot be accessed, then selinuxenabled should be setting its
> exit code to 1, should it not?  As it is, the GCL build fails when
> trying to invoke chcon because selinuxenabled is apparently lying.

selinuxenabled I do believe likely just checks the kernel, which on the
host may indeed be running.  However within the chroot the policy may be
mismatching or completely non-existent.  There is very early support for
allowing in-chroot policy to work, but it's certainly not in play on our
builders in Koji, which are an el5 base.

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
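
Added example (not part of the original message, and not code from GCL or mock): a build-script guard for the situation described above, where selinuxenabled exits 0 because the kernel has SELinux on but chcon still fails inside the chroot. The SELINUXENABLED and CHCON override variables and the try_label function name are assumptions of this example.

```shell
#!/bin/sh
# Guard a build-time relabel so that a chroot without usable policy does not
# fail the build. The two command names can be overridden (an assumption of
# this example) so the logic can be exercised without SELinux installed.
: "${SELINUXENABLED:=selinuxenabled}"
: "${CHCON:=chcon}"

# try_label TYPE FILE
# Prints one of: disabled | labelled | unlabelled
# Always returns 0, so a labelling failure never aborts the build.
try_label() {
    type_=$1
    file=$2

    # Exit status 0 only means SELinux is reported as enabled. It says
    # nothing about whether TYPE can actually be applied from in here.
    if ! "$SELINUXENABLED" 2>/dev/null; then
        echo disabled
        return 0
    fi

    # The meaningful check is whether the relabel itself is accepted.
    if "$CHCON" -t "$type_" "$file" 2>/dev/null; then
        echo labelled
    else
        echo "warning: SELinux enabled but cannot set $type_ on $file;" \
             "leaving label unchanged" >&2
        echo unlabelled
    fi
    return 0
}
```

A spec file would call try_label gcl_exec_t on each dumped image and carry on whatever the result; the warning on stderr keeps the skipped relabel visible in the build log.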