On Sun, 2005-01-09 at 19:51 -0800, Bob Kashani wrote:
I'm actually playing around with UML as well. :) The only issue with virtualization is that you end up taking a performance hit but on the other hand it does make life easier.
Right. By the way, I think Xen is in rawhide now, so that could be worth checking out.
I'll try your patches. But I did figure out a simple workaround (not mounting /selinux in the chroot). It seems that if you don't mount /selinux in the chroot then load_policy doesn't try to install the policy in the chroot into the running kernel. I have no idea why that is the case.
Well, loading the policy will fail since load_policy just writes data to /selinux/load. I'm surprised that doesn't turn into a postinst error.
Anyways, I suspect that you don't want other tools inside the chroot to think SELinux is enabled, so the patches should help there. But I haven't tested this, so there may be something I'm missing.
But everything seems to work without mounting /selinux so...in fact it seems that I don't even need /sys either.
Lacking /sys will almost certainly cause problems.
I just tried mounting only /proc (which is what I was doing in the first place) with selinux-policy-targeted-1.17.30-2.68 and everything works!!! :) I did do a 'touch /.autorelabel' as specified in the FAQ which seems to have helped with a few other things as well.
What is it specifically that you are doing with the chroot? Building RPMs?
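
The thread's observation, that load_policy inside a chroot only reaches the running kernel when selinuxfs is mounted there, can be checked before installing packages into the chroot. This is an added example, not part of the original messages; the function names, the /srv/chroot paths and the mount table are constructed for illustration.

```shell
# Constructed mount table in /proc/mounts layout (not taken from a real host).
# /srv/chroot and /srv/chroot-b are hypothetical chroot roots.
sample_mounts() {
    cat <<'EOF'
/dev/root / ext3 rw 0 0
none /proc proc rw 0 0
none /selinux selinuxfs rw 0 0
none /srv/chroot/proc proc rw 0 0
none /srv/chroot-b/proc proc rw 0 0
none /srv/chroot-b/selinux selinuxfs rw 0 0
EOF
}

# Print every selinuxfs mount point under the given root; return 0 if any exist.
# $1 = chroot root, $2 = mount table file (defaults to /proc/mounts).
selinuxfs_in_chroot() {
    root=${1%/}                      # drop a trailing slash; "/" becomes ""
    table=${2:-/proc/mounts}
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Matching on root "/" keeps /srv/chroot from matching /srv/chroot-b.
    awk -v root="$root" '
        $3 == "selinuxfs" && index($2, root "/") == 1 { print $2; found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$table"
}

# Demo on the constructed table.
tmp=$(mktemp)
sample_mounts > "$tmp"
for r in /srv/chroot /srv/chroot-b; do
    if selinuxfs_in_chroot "$r" "$tmp" >/dev/null; then
        echo "$r: selinuxfs mounted, load_policy in a postinst can reach the running kernel"
    else
        echo "$r: no selinuxfs, a policy load from inside will fail"
    fi
done
rm -f "$tmp"
```

On a live system, call `selinuxfs_in_chroot /path/to/chroot` with no second argument to read /proc/mounts.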