mock context

Paul Howarth paul at city-fan.org
Thu May 29 15:08:05 UTC 2008


Daniel J Walsh wrote:
> Eric Paris wrote:
>> On Sun, 2008-05-25 at 16:20 +0100, Paul Howarth wrote:
>>> Is there some reason why the context type of /usr/sbin/mock has reverted
>>> to bin_t in F9 from unconfined_notrans_exec_t in F8? The latter still
>>> seems to work OK for me in F9 and significantly reduces the number of
>>> spurious AVCs when using mock.
>> I think Dan did it after reading some of my messages about getting
>> livecd's to work.  I've since reverted it on my local livecd building
>> systems and just haven't told Dan I think unconfined_notrans_exec_t is
>> the right way to go after all...
>>
>> Sorry, just still so much in progress with livecd and eventually mock...
>>
>> Dan, I think leave it as notrans for now and eventually I'm going to
>> want a custom mock/livecd type to be determined at a later date...
>>
>> (at least that's my guess...)
>>
>> -Eric
> 
> I changed it back in -58, but I want to generate a mock file context
> with limited access to network for example.

Please make network access restrictions tunable by a boolean; I tend to 
leave network tests enabled in the packages I build locally in mock.

Paul.




More information about the fedora-selinux-list mailing list