On Tue, 2006-03-21 at 19:06 -0500, J. Hartline wrote:
Chitlesh GOORAH wrote:
>Someone before my participation to this project, has added
>"make SELinux work on live system"
>to
http://fedoraproject.org/wiki/Kadischi/Schedule
>
>I think there was something wrong with SELinux on Live CDs.
>
>Does it now? I haven't yet look deeply at it.
>
I believe that was a general statement, as in some aspects of SELinux
may not work in readonly-root environment.
Ermm, no. SELinux is perfectly fine with a read-only environment.
I can predispose they didn't mean just "label files as is
stock in
Fedora Core".
Which would be fixed when RPM knows how to distribute files with contexts
in it's payload. I too should look more into this as I haven't yet built
any with SELinux enabled.
And RPM has been setting file contexts since FC2.
The problem is that the various compressed filesystems don't actually
support xattrs which is required for setting up the SELinux file
contexts.
Jeremy