[refpolicy] apps_livecd.patch
Daniel J Walsh
dwalsh at redhat.com
Tue Jul 21 09:44:12 CDT 2009
On 07/21/2009 10:11 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 09:55 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/apps_livecd.patch
>>
>> Policy for the livecd command, allows the creation of images for
>> different OS Versions then the host machine.
>
> I don't understand why this needs its own policy.
>
livecd policy is used to allow it to apply labels that the host machine does not understand. So if I am running livecd on a F10 box, and I want to build a livecd for F11, livecd will write context that F10 does not understand. It should be the only process allowed to write these labels.
seutil_domtrans_setfiles_mac(livecd_t)
Is the key.
More information about the refpolicy
mailing list