On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote:
> Secondly we prevent even unconfined_t from putting down labels on
> the file system that the kernel does not understand. IE If I am
> building a F21 image on a RHEL6 box, it would blow up in enforcing
> mode if run as unconfined_t. We added a special policy called
> livecd_t that is allowed to put down labels which the kernel does
> not understand, and unconfined_t will transition to this domain.

Slightly off-topic, but this (in-)ability to label files with labels
which the kernel doesn't know about affects libguestfs negatively too.
Is there some reason why it's bad?

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v