On Tue, 2008-01-22 at 13:01 -0500, Yaakov Nemoy wrote:
On Jan 22, 2008 12:16 PM, Jeff Spaleta <jspaleta(a)gmail.com> wrote:
> SELinux when interacting with any chroot-like apparatus is still a
> problem. Perhaps it's time to take stock of all the packages that rely
> on chroot-like behavior which are similarly affected by SELinux, so
> that a common technical solution can be found and applied.
+1
This is just a bug between SELinux and any chrooting program. It is
not a reason to fetch torches and pitchforks or to complain that
SELinux sucks, or any of that nonsense. Fixing the interaction between
SELinux and chroot is one of those things that can only get better the
more real world usage SELinux sees.
It seems to me that SELinux can provide for the same (or better)
"features" of chroot without actually requiring a chrooted environment.
So shouldn't we simply provide targeted policies and not use chroot for
known services?
Simo.
--
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |