Fedora buildsys and SELinux
Dennis Gilmore
dennis at ausil.us
Tue May 13 17:29:30 UTC 2008
On Tuesday 13 May 2008, Daniel J Walsh wrote:
>
> I don't have a problem with calling restorecon on every single file,
> since this is a limited number of files. The goal is to allow the
> chroot to run without mucking around with the host security. So I don't
> have to run permissive or disabled if I use mock/livecd. If mock/livecd
> have to relabel when they complete that is fine.
I would really like to enable selinux on the actual builders. Right now it
has to be disabled. If not alot of things build ok but certain packages will
switch to enforcing inside the chroot when the host is in permissive mode.
and it causes all sorts of fun and failed builds. for the builders i think
that calling restorecon will slow down builds too much. A new chroot is
created for each and every build.
This is a seperate issue from having machines for doing composes.
Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080513/d383aaa9/attachment.sig>
More information about the fedora-selinux-list
mailing list