load_policy in chroot question

Daniel J Walsh dwalsh at redhat.com
Mon Jan 10 15:24:29 UTC 2005


Bob Kashani wrote:

>When I install the selinux-policy-targeted rpm in a chroot it seems that
>load_policy is executed and loads the policy that's installed in the
>chroot into the running kernel (I'm assuming via %post). Should
>installing the selinux-policy-targeted rpm in a chroot allow this to
>happen? What if you're installing a policy into the chroot that's
>different than the one you have installed on your system? Is there a way
>to not allow load_policy to execute in a chroot?
>
>Here are the AVC messages I'm getting:
>
>Jan  8 21:38:23 chaucer kernel: audit(1105249103.605:0): avc:  granted
>{ load_policy } for  pid=4233 exe=/usr/sbin/load_policy
>scontext=root:system_r:unconfined_t
>tcontext=system_u:object_r:security_t tclass=security
>Jan  8 21:38:23 chaucer kernel: security:  3 users, 4 roles, 316 types,
>20 bools
>Jan  8 21:38:23 chaucer kernel: security:  53 classes, 7962 rules
>
>Bob
>
>  
>
rpm --noscripts
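
Added example, not part of the original thread: a small Python check that scans kernel log text for granted load_policy AVC records like the one quoted above, so a policy reload triggered by a package install is noticed. The first sample records are the quoted messages with the mail wrapping kept; the final "denied" record, the function names and the regular expressions are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Sample input: the AVC lines quoted in the post (still wrapped as mailed),
# followed by one constructed, unrelated "denied" record.
SAMPLE_LOG = """\
Jan  8 21:38:23 chaucer kernel: audit(1105249103.605:0): avc:  granted
{ load_policy } for  pid=4233 exe=/usr/sbin/load_policy
scontext=root:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
Jan  8 21:38:23 chaucer kernel: security:  3 users, 4 roles, 316 types,
20 bools
Jan  8 21:40:02 chaucer kernel: audit(1105249202.101:0): avc:  denied
{ read } for  pid=4301 exe=/bin/cat tclass=file
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+)\.\d+:\d+\): avc:\s+(?P<result>granted|denied)\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def unwrap(log_text):
    """Re-join records that a mail client or pager wrapped across lines."""
    records = []
    for line in log_text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return the AVC record as a dict, or None for non-AVC lines."""
    m = AVC_RE.search(record)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    rec["time"] = datetime.fromtimestamp(int(m.group("epoch")), tz=timezone.utc)
    return rec

def policy_loads(log_text):
    """Granted load_policy events against the 'security' class."""
    recs = (parse_avc(r) for r in unwrap(log_text))
    return [r for r in recs if r and r["result"] == "granted"
            and "load_policy" in r["perms"] and r.get("tclass") == "security"]

if __name__ == "__main__":
    for ev in policy_loads(SAMPLE_LOG):
        print(ev["time"].isoformat(), ev["pid"], ev["exe"], ev["scontext"])
```
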




More information about the fedora-selinux-list mailing list