On Tue, 2008-01-22 at 16:23 -0600, Michael E Brown wrote:
On Tue, Jan 22, 2008 at 01:04:26PM -0500, Simo Sorce wrote:
On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote:
On Jan 22, 2008 12:16 PM, Jeff Spaleta jspaleta@gmail.com wrote:
Selinux when interacting with any chroot-like apparatus is still a problem. Perhaps its time to take stock of all the packages that rely on chroot-like behavior which are similarly affected by selinux, so that a common technical solution can be found and applied.
+1
This is just a bug between SELinux and any chrooting program. It is not a reason to fetch torches and pitchforks or to complain that SELinux sucks, or any of that nonsense. Fixing the interaction between SELinux and chroot is one of those things that can only get better the more real world usage SELinux sees.
It seem to me that SELinux can provide for the same (or better) "features" of chroot without actually requiring a chrooted environment. So shouldn't we simply provide targeted policies and not use chroot for known services ?
You miss the point.
Things like pungi, mock, livecd-creator... Their whole existence in life relies heavily on creating a chroot to do their business.
This is not a problem we can just say "dont do that", it needs to be fixed, as mentioned by other posters.
And you come in late :-) Already apologized in another mail.
Simo.