mock context
Is there some reason why the context type of /usr/sbin/mock has reverted to bin_t in F9 from unconfined_notrans_exec_t in F8? The latter still seems to work OK for me in F9 and significantly reduces the number of spurious AVCs when using mock.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
mock context
On Sun, 2008-05-25 at 16:20 +0100, Paul Howarth wrote:
> Is there some reason why the context type of /usr/sbin/mock has reverted
> to bin_t in F9 from unconfined_notrans_exec_t in F8? The latter still
> seems to work OK for me in F9 and significantly reduces the number of
> spurious AVCs when using mock.

I think Dan did it after reading some of my messages about getting livecd's to work. I've since reverted it on my local livecd building systems and just haven't told Dan I think unconfined_notrans_exec_t is the right way to go after all...

Sorry, just still so much in progress with livecd and eventually mock...

Dan, I think leave it as notrans for now and eventually I'm going to want a custom mock/livecd type to be determined at a later date...

(at least that's my guess...)

-Eric
mock context
Eric Paris wrote:
> On Sun, 2008-05-25 at 16:20 +0100, Paul Howarth wrote:
>> Is there some reason why the context type of /usr/sbin/mock has reverted
>> to bin_t in F9 from unconfined_notrans_exec_t in F8? The latter still
>> seems to work OK for me in F9 and significantly reduces the number of
>> spurious AVCs when using mock.
>
> I think Dan did it after reading some of my messages about getting
> livecd's to work. I've since reverted it on my local livecd building
> systems and just haven't told Dan I think unconfined_notrans_exec_t is
> the right way to go after all...
>
> Sorry, just still so much in progress with livecd and eventually mock...
>
> Dan, I think leave it as notrans for now and eventually I'm going to
> want a custom mock/livecd type to be determined at a later date...
>
> (at least that's my guess...)
>
> -Eric

I changed it back in -58, but I want to generate a mock file context with limited access to network for example.
mock context
Daniel J Walsh wrote:
> Eric Paris wrote:
>> On Sun, 2008-05-25 at 16:20 +0100, Paul Howarth wrote:
>>> Is there some reason why the context type of /usr/sbin/mock has reverted
>>> to bin_t in F9 from unconfined_notrans_exec_t in F8? The latter still
>>> seems to work OK for me in F9 and significantly reduces the number of
>>> spurious AVCs when using mock.
>> I think Dan did it after reading some of my messages about getting
>> livecd's to work. I've since reverted it on my local livecd building
>> systems and just haven't told Dan I think unconfined_notrans_exec_t is
>> the right way to go after all...
>>
>> Sorry, just still so much in progress with livecd and eventually mock...
>>
>> Dan, I think leave it as notrans for now and eventually I'm going to
>> want a custom mock/livecd type to be determined at a later date...
>>
>> (at least that's my guess...)
>>
>> -Eric
>
> I changed it back in -58, but I want to generate a mock file context
> with limited access to network for example.

Please make network access restrictions tunable by a boolean; I tend to leave network tests enabled in the packages I build locally in mock.

Paul.
mock context
Paul Howarth wrote:
> Daniel J Walsh wrote:
>> Eric Paris wrote:
>>> On Sun, 2008-05-25 at 16:20 +0100, Paul Howarth wrote:
>>>> Is there some reason why the context type of /usr/sbin/mock has
>>>> reverted
>>>> to bin_t in F9 from unconfined_notrans_exec_t in F8? The latter still
>>>> seems to work OK for me in F9 and significantly reduces the number of
>>>> spurious AVCs when using mock.
>>> I think Dan did it after reading some of my messages about getting
>>> livecd's to work. I've since reverted it on my local livecd building
>>> systems and just haven't told Dan I think unconfined_notrans_exec_t is
>>> the right way to go after all...
>>>
>>> Sorry, just still so much in progress with livecd and eventually mock...
>>>
>>> Dan, I think leave it as notrans for now and eventually I'm going to
>>> want a custom mock/livecd type to be determined at a later date...
>>>
>>> (at least that's my guess...)
>>>
>>> -Eric
>>
>> I changed it back in -58, but I want to generate a mock file context
>> with limited access to network for example.
>
> Please make network access restrictions tunable by a boolean; I tend to
> leave network tests enabled in the packages I build locally in mock.
>
> Paul.

Yes, this would definitely be a tunable. I am just trying to think of ways we could protect the Fedora Infrastructure.