[Fedora-livecd-list] SELinux Enabled Images on SELinux Disabled Hosts
Colin Walters
walters at verbum.org
Mon May 3 20:51:24 UTC 2010
On Mon, May 3, 2010 at 1:20 PM, Jay Greguske <jgregusk at redhat.com> wrote:
>
> Host/LiveCD: Description
> - On/On: SELinux enforcing and functioning as expected
But this will still require that the host policy is exactly the same
(in general) as the target policy, right? Since we still have the
issue that if say a type is added from Fedora 12 to Fedora 13, the
Fedora 12 kernel in enforcing mode will refuse to lay down the (to it)
invalid context?
> - Off/On: SELinux enforcing and functioning as expected
Hm, by "off" here you mean entirely disabled on the host? In that
case I guess there are no xattr hooks for selinux. the kernel will
just happily lay whatever in there.
> - On/Off: File system is partially labelled due to Yum/RPM labelling the files during installation. I figured this was OK because SELinux is disabled so they shouldn't cause a problem (disk space usage is trivial)
Not a serious problem, agreed, ever since we got larger inodes.
More information about the livecd
mailing list