[ https://bugzilla.yoctoproject.org/show_bug.cgi?id=6580 ]
Hi, after upgrade to recent pseudo 1.6+, oe-core stops to build as a confined SELinux now. This happens because SELinux provides more than the xattr file api and 'pseudo' does not intercept e.g. writing into '/proc/self/attr/fscreate'. IMO, turning off every SELinux related operation in do_install() (which is wrapped by 'pseudo') is a clean way to fix and improve building. If OE supports SELinux for targets sometime, the file relabeling should be done in do_rootfs() by using a chroot aware 'restorecon' (e.g. which reads the file context policy from the chroot but not from system wide /etc/selinux). Unfortunately, I do not know a way to make applications think they are running without SELinux. But patching 'pseudo' to return faked values for 'is_selinux_enabled()' seems to be a good solution. Bug #6580 mentioned at the beginning contains some discussion and a patch. What do other people think about it? Enrico -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
