Eric Paris (eparis(a)redhat.com) said:
So I've spent a fair bit of time the last 2 weeks trying to get
livecd-creator and an selinux enforcing machine to play nicely together.
It doesn't look like much, but from the point of view of the livecd
creator I think the following patch is all we need. Working with
rawhide as the host system I was able to build F8, F9 and rawhide
livecd's with an enforcing machine.
I wouldn't suggest jumping into enfocing builds just yet as there are
still some policy issues I need to work out with the selinux people but
I would like comments. Basically its quite simple, if selinux is on the
host we create a fake /selinux which tells the install chroot lies.
I've had to make some changes to some selinux libraries to support all
this, but I think we are just about there.
I'll probably backport some of the kernel changes to F9 after they are
all tested and better settled but for now I'd like input on my livecd
My concern is this is a normal occurence (needing a chroot) that you're
only patching in one place. Do we code this same logic into mock? Into
pungi? Into yum --installroot? Into the documentation for admins on
how to set up a chroot?
(Also, for general use, we need this in a RHEL 5 kernel. Fun!)