On Wed, 16 Apr 2008, Bill Nottingham wrote:
James Morris (jmorris@namei.org) said:
- All the parties are here now needed to figure this out
- Someone better than me is going to reply with specifics about what is
not working in the buildsys
- We all agree it's pretty important to get this figured out in a good
way
Can you please explain specifically what the problem is?
You cannot create files in a chroot of a context not known by the host policy. This means that if your host is running RHEL 5, you are unable to compose any trees/images/livecds with SELinux enabled for later releases.
Ok, that's what I suspected.
One of the possible plans for this is to allow a process to run in a separate policy namespace, and probably also utilize namespace support in general.
This is non-trivial and needs more analysis.
- James
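
The limitation described in the thread can be checked for before a compose starts. The following is an added example, not part of the thread or of any build-system code: it parses a target release's file_contexts entries and reports those whose type the host policy does not define. The sample entries, the host type list and all function names are constructed for illustration, and only the type field of each context is compared.

```python
# Constructed sample: lines in file_contexts format (path regex, optional
# file-type flag, context) such as a newer target release might ship.
TARGET_FILE_CONTEXTS = """\
# constructed sample, not taken from any real policy
/usr/bin/newtool	--	system_u:object_r:newtool_exec_t:s0
/var/lib/newtool(/.*)?		system_u:object_r:newtool_var_lib_t:s0
/etc/passwd	--	system_u:object_r:etc_t:s0
/proc/.*		<<none>>
"""

# Constructed sample: types defined by the host's policy. On a real build
# host this set would come from querying the loaded policy.
HOST_TYPES = {"etc_t", "bin_t", "usr_t"}


def parse_file_contexts(text):
    """Yield (path_regex, context) for every labelling rule in text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # A rule is "regex context" or "regex -flag context".
        if len(fields) not in (2, 3):
            raise ValueError(f"line {lineno}: malformed rule: {raw!r}")
        yield fields[0], fields[-1]


def context_type(context):
    """Return the type field of user:role:type[:range]; None for <<none>>."""
    if context == "<<none>>":  # rule that deliberately assigns no label
        return None
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return parts[2]


def labels_unknown_to_host(text, host_types):
    """List (path_regex, type) rules whose type the host does not define."""
    missing = []
    for path, context in parse_file_contexts(text):
        ctype = context_type(context)
        if ctype is not None and ctype not in host_types:
            missing.append((path, ctype))
    return missing


if __name__ == "__main__":
    for path, ctype in labels_unknown_to_host(TARGET_FILE_CONTEXTS, HOST_TYPES):
        print(f"host policy lacks type {ctype} needed for {path}")
```
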