Red Hat Bugzilla – Bug 208275
chroot problems with selinux and olpc
Last modified: 2013-03-05 22:47:03 EST
Description of problem:
For OLPC builds we install the desired OS in a chroot on the build machine. We
use yum that in turn uses rpm.
We want to use SELinux on the OLPC machine. The SELinux policy for OLPC may be
tailor-made for OLPC.
The build machine may or may not run SELinux. The build machine may be running
RHEL4. It may run FC5.
As such, the SELinux policy that controls file labels may differ in the
installed OS vs. the OS running on the build machine.
What I'm seeing today is that this only works if the SELinux policy on build
machine matches the SELinux policy of the installed OS.
Is there a magic option to give e.g. /sbin/fixfiles so it uses the policy in the
chroot instead of that in /selinux (which is bind mounted in the chroot)?
The only alternative I can think of right now includes using qemu to boot the
installed kernel and have an initrd that runs /sbin/fixfiles.
This affects livecd generation too (I have a livecd generator that works with
SELinux, it uses the ext3 file system on a loopback device).
Please advise. Thanks.
setfiles /etc/selinux/targeted/contexts/file_contexts /
should get you what you want
fixfiles restore in the chroot should do the above.
David, are you going to make changes to the build scripts to support this?
Sounds like it's resolved other than making the change.
Yea, I talked to dwalsh in the hallway about this yesterday. It works very
nicely for me on Rawhide, want to test on RHEL4 too since that is our build
Great, let me know how those tests go.
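
The relabeling approach suggested in the comments above, as an added example that is not part of the original bug report or the OLPC build scripts: it reads the policy name from the chroot's own /etc/selinux/config and runs setfiles inside the chroot against that policy's file_contexts. The function names are hypothetical, and falling back to "targeted" when no config exists is an assumption.

```shell
#!/bin/sh
# Added example: relabel a chroot using the file_contexts of the policy
# installed inside it, rather than the build host's policy.

# Print the SELINUXTYPE configured inside the chroot.
# Assumption: fall back to "targeted" (the policy named in the comment
# above) when the chroot has no config or no SELINUXTYPE line.
chroot_policy_type() {
    root=$1
    cfg="$root/etc/selinux/config"
    ptype=""
    if [ -r "$cfg" ]; then
        # Commented-out lines do not match; the last active line wins.
        ptype=$(sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p' "$cfg" | tail -n 1)
    fi
    printf '%s\n' "${ptype:-targeted}"
}

# Print the file_contexts path as seen from inside the chroot.
# Fails if that policy's file_contexts is not installed in the chroot.
chroot_file_contexts() {
    root=$1
    rel="/etc/selinux/$(chroot_policy_type "$root")/contexts/file_contexts"
    if [ ! -f "$root$rel" ]; then
        echo "no file_contexts at $root$rel" >&2
        return 1
    fi
    printf '%s\n' "$rel"
}

# Run setfiles inside the chroot against the chroot's own file_contexts,
# i.e. the command quoted in the comment above with the policy name
# taken from the installed OS. Needs root.
relabel_chroot() {
    root=$1
    fc=$(chroot_file_contexts "$root") || return 1
    chroot "$root" setfiles "$fc" /
}
```

Run `relabel_chroot /path/to/chroot` as root after the package install step has finished.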