load_policy in chroot question

Bob Kashani bobk at ocf.berkeley.edu
Mon Jan 10 06:01:05 UTC 2005


On Sun, 2005-01-09 at 21:01 -0800, Bob Kashani wrote:
> On Sun, 2005-01-09 at 23:20 -0500, Colin Walters wrote:
> > On Sun, 2005-01-09 at 19:51 -0800, Bob Kashani wrote:
> > 
> > > I'm actually playing around with UML as well. :) The only issue with
> > > virtualization is that you end up taking a performance hit but on the
> > > other hand it does make life easier. 
> > 
> > Right.  By the way, I think Xen is in rawhide now, so that could be
> > worth checking out.
> 
> Cool, I'll check it out. Thanks!!! :)
> 
> > > I'll try your patches. But I did figure out a simple workaround. (not
> > > mounting /selinux in the chroot). It seems that if you don't
> > > mount /selinux in the chroot then load_policy doesn't try to install the
> > > policy in the chroot into the running kernel. I have no idea why that is
> > > the case. 
> > 
> > Well, loading the policy will fail since load_policy just writes data
> > to /selinux/load.  I'm surprised that doesn't turn into a postinst
> > error.  
> 
> I just checked the selinux-policy-targeted.spec and in the %post section
> at the very end there is an 'exit 0'.

Just to clarify: I meant that as an observation and not as something
that would cause it to fail.

BTW: I have a selinux dir in my chroot but there is nothing in it. Where
do the files in /selinux come from?

Bob

-- 
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome
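Added example, not part of the original thread: /selinux is the mount point of selinuxfs, a pseudo-filesystem provided by the running kernel, so a chroot only has a `load` node that load_policy can write to when selinuxfs is mounted inside it. This sketch checks a mount table in /proc/mounts format for that condition before a policy package is installed into a chroot; the function names, paths and mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical.

# Print every selinuxfs mount point at or below chroot $2,
# reading a mount table in /proc/mounts format from file $1.
selinuxfs_under() {
    root=${2%/}   # drop one trailing slash so "/srv/chroot/" == "/srv/chroot"
    awk -v root="$root" '
        $3 == "selinuxfs" {
            mp = $2
            # Match the chroot itself or a path below it; a bare prefix test
            # would wrongly match a sibling such as /srv/chroot2.
            if (mp == root || index(mp, root "/") == 1) print mp
        }' "$1"
}

# Return 0 when a policy load run inside chroot $2 can reach the running
# kernel, i.e. the chroot contains a selinuxfs mount exposing the load node.
policy_load_reaches_kernel() {
    [ -n "$(selinuxfs_under "$1" "$2")" ]
}

# Constructed mount tables (not captured from a real host).
tmp=$(mktemp -d)
cat > "$tmp/mounted" <<'EOF'
/dev/sda1 / ext3 rw 0 0
none /selinux selinuxfs rw 0 0
none /srv/chroot/selinux selinuxfs rw 0 0
EOF
cat > "$tmp/unmounted" <<'EOF'
/dev/sda1 / ext3 rw 0 0
none /selinux selinuxfs rw 0 0
none /srv/chroot2/selinux selinuxfs rw 0 0
EOF

for table in mounted unmounted; do
    if policy_load_reaches_kernel "$tmp/$table" /srv/chroot; then
        echo "$table: selinuxfs visible in chroot, a load would change the host policy"
    else
        echo "$table: no selinuxfs in chroot, a load has nothing to write to"
    fi
done
```

On a live system, pass /proc/mounts as the first argument and the chroot path as the second.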




More information about the fedora-selinux-list mailing list