James Morris (jmorris(a)namei.org) said:
> You cannot create files in a chroot of a context not known by the
> host policy. This means that if your host is running RHEL 5, you are
> unable to compose any trees/images/livecds with SELinux enabled for
> later releases.
Ok, that's what I suspected.
One of the possible plans for this is to allow a process to run in a
separate policy namespace, and probably also utilize namespace support in
general.
This is non-trivial and needs more analysis.
Incidentally, this is also one of the blockers for policy-in-packages,
rather than a monolithic one.
Bill