On Thu, Mar 30, 2017, at 09:44 AM, Stephen Smalley wrote:
> You shouldn't hardcode security contexts, ever. Why can't one just fix
> the Fedora policy? Do we still even need the <> entries for
> /proc in file_contexts in Fedora policy, given that restorecon is now
> smart enough to skip any

On Thu, Mar 30, 2017 at 09:44:34AM -0400, Stephen Smalley wrote:
> On Wed, 2017-03-29 at 17:00 -0400, Colin Walters wrote:
> > Hi, see: https://github.com/ostreedev/ostree/pull/768
> >
> > TL;DR: Policy (at least Fedora's version) does not specify
> > a label for /proc on disk (as distinct from

On Wed, 2017-03-29 at 17:00 -0400, Colin Walters wrote:
> Hi, see: https://github.com/ostreedev/ostree/pull/768
>
> TL;DR: Policy (at least Fedora's version) does not specify
> a label for /proc on disk (as distinct from the `proc_t` from
> the genfscon).
>
> This causes some breakage in

On Thu, 30 Mar 2017 08:00:42 AM Colin Walters wrote:
> This causes some breakage in rpm-ostree (which I can work
> around), but I'd like a better fix than what I did above.
> Any suggestions? It probably doesn't
> matter too much what the actual type is since systemd will
> overmount it - should

Hi, see: https://github.com/ostreedev/ostree/pull/768

TL;DR: Policy (at least Fedora's version) does not specify
a label for /proc on disk (as distinct from the `proc_t` from
the genfscon).

This causes some breakage in rpm-ostree (which I can work
around), but I'd like a better fix than what I