Re: Fedora buildsys and SELinux
On Tue, 13 May 2008 12:29:30 -0500
Dennis Gilmore <dennis(a)ausil.us> wrote:
On Tuesday 13 May 2008, Daniel J Walsh wrote:
>
> I don't have a problem with calling restorecon on every single file,
> since this is a limited number of files. The goal is to allow the
> chroot to run without mucking around with the host security. So I
> don't have to run permissive or disabled if I use mock/livecd. If
> mock/livecd have to relabel when they complete that is fine.
I would really like to enable selinux on the actual builders. Right
now it has to be disabled. If not alot of things build ok but
certain packages will switch to enforcing inside the chroot when the
host is in permissive mode. and it causes all sorts of fun and failed
builds.
Which packages do this?
I run my own mock builders with selinux enforcing on F8 and haven't
come across anything like that, though obviously the Fedora builders
are exposed to a much wider variety of packages than my small
collection.
Paul.