On Fri 27 January 2006 17:29, Steve Brueckner wrote:
> I'm creating an SELinux-enabled Xen VM on FC4. I create the file system
> for the VM by copying the filesystem from the underlying host. For the very
> first boot of the VM, I have it /.autorelabel. However, when I then try to
> install an rpm inside the VM I get an avc denied, even though I can install
> the same rpm on the underlying host just fine. Even stranger, if I reboot
> the VM once, I then have no problem installing the rpm inside of it.

I strongly suspect autorelabel is WAY BROKEN right now, meaning in many
cases after a relabel the system should reboot but doesn't (i.e. the new
policy is not effective after the relabeling before a reboot has occurred,
in fact I wonder what exact policy mashup applies till then).
This could be related to
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178125
I haven't had the time to do a complete investigation; I may be totally
wrong, but that's how things look from here.
--
Nicolas Mailhot