load_policy in chroot question

Bob Kashani bobk at ocf.berkeley.edu
Sun Jan 9 05:55:07 UTC 2005


When I install the selinux-policy-targeted rpm in a chroot it seems that
load_policy is executed and loads the policy that's installed in the
chroot into the running kernel (I'm assuming via %post). Should
installing the selinux-policy-targeted rpm in a chroot allow this to
happen? What if you're installing a policy into the chroot that's
different than the one you have installed on your system? Is there a way
to not allow load_policy to execute in a chroot?

Here are the AVC messages I'm getting:

Jan  8 21:38:23 chaucer kernel: audit(1105249103.605:0): avc:  granted { load_policy } for  pid=4233 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Jan  8 21:38:23 chaucer kernel: security:  3 users, 4 roles, 316 types, 20 bools
Jan  8 21:38:23 chaucer kernel: security:  53 classes, 7962 rules

Bob

-- 
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
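
Added example (not part of the original post): one way to spot policy reloads like the one reported above is to scan kernel log lines for a granted load_policy AVC and attach the policy summary the kernel prints right after it. The function name and the sample log are constructed here, and the parser assumes the log format shown in the post.

```python
import re

# Constructed sample: the kernel lines quoted in the post, one per line,
# plus one unrelated constructed AVC denial that must be ignored.
SAMPLE_LOG = """\
Jan  8 21:38:23 chaucer kernel: audit(1105249103.605:0): avc:  granted { load_policy } for  pid=4233 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Jan  8 21:38:23 chaucer kernel: security:  3 users, 4 roles, 316 types, 20 bools
Jan  8 21:38:23 chaucer kernel: security:  53 classes, 7962 rules
Jan  8 21:40:01 chaucer kernel: audit(1105249201.100:0): avc:  denied { read } for  pid=4300 exe=/usr/sbin/httpd scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file
"""

AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+\.\d+):\d+\): avc:\s+(?P<result>granted|denied)\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
SUMMARY_RE = re.compile(r"kernel: security:\s+(?P<counts>\d+ .*)$")
COUNT_RE = re.compile(r"(\d+) (\w+)")


def find_policy_loads(log_text):
    """Return one dict per granted load_policy AVC, including the policy
    summary counts (users, roles, types, ...) logged directly after it."""
    events, current = [], None
    for line in log_text.splitlines():
        avc = AVC_RE.search(line)
        if avc:
            current = None  # a new AVC ends the previous event's summary block
            perms = avc.group("perms").split()
            if avc.group("result") == "granted" and "load_policy" in perms:
                fields = dict(kv.split("=", 1)
                              for kv in avc.group("fields").split() if "=" in kv)
                current = {
                    "epoch": float(avc.group("epoch")),
                    "pid": int(fields.get("pid", -1)),
                    "exe": fields.get("exe"),
                    "scontext": fields.get("scontext"),
                    "policy": {},
                }
                events.append(current)
            continue
        summary = SUMMARY_RE.search(line)
        if summary and current is not None:
            for count, name in COUNT_RE.findall(summary.group("counts")):
                current["policy"][name] = int(count)
    return events


if __name__ == "__main__":
    for event in find_policy_loads(SAMPLE_LOG):
        print(event)
```

Comparing the reported counts against those of the policy the host is supposed to be running shows whether a different policy was loaded.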




More information about the fedora-selinux-list mailing list