Daniel J Walsh (dwalsh(a)redhat.com) said:
Well I think we need to do a couple of these to figure out the common
requirements.
I envision mock to be quite different than livecd. I think we need to
fool the mock chroot to think SELinux is disabled and to do no labeling
in the chroot. This would allow us to confine the mock process to be
able to write to the chroot and label the chroot mock_rw_t. We could
then use SELinux to prevent mock environments from breaking out of the
chroot, and stop mock environments from doing evil network things within
the chroot.
In livecd we need to be able to put down labels that the host machine
does not understand.
The problem is that mock can be used to do non-build things. (For example,
creating the anaconda install images.)
Bill