On Thu, Jan 03, 2008 at 03:41:02PM +0000, Paul Howarth wrote: > Michael E Brown wrote: > >This is odd. I ran a full unit test until I didnt see this message at > >all. Might be having git sync issues with our public mirror, I'll check. > > I don't think this stuff is necessary any more. Since selinux-policy > 3.0.8-67 in Fedora 8, /usr/bin/mock is labelled > unconfined_notrans_exec_t. So mock doesn't transition into other domains > and it doesn't matter that rpm labels files in the chroot with context > types that would normally cause the problematic transitions (into > useradd_t, ldconfig_t etc.). The result is nice, clean, denial-free > builds with SELinux in enforcing mode. > > This fix also renders the mock policy module as described on the wiki > (the MockTricks page) largely redundant. The only exception case I can > see is if some task needing to run as part of a build requires execheap > permission, which might happen for some mono/java-based packages but I > don't know of any problem packages right now. That bridge can no doubt > be crossed when someone comes tp it. > > Not sure if this fix has been applied in F-7 or if it will ever make it > into RHEL/CentOS though.
Well this is good news. Thanks. -- Michael -- Fedora-buildsys-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
