-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
run as install_t
#24
Comments
Alternatively...hmm, we may be able to just fork off the child |
cgwalters
added a commit
to cgwalters/ostree-rs-ext
that referenced
this issue
Dec 7, 2022
This is a hack to help detect the situation in containers/bootc#24 Ultimately, this whole issue makes it extremely hard to expose a *library* interface to our users because the requirement is infectious - they also need to be `install_t`. Anyways for now, this new module will help at least detect the situation.
Maybe we also need
|
Yep, exactly. So we need fedora-selinux/selinux-policy#1500 to ensure that the label is set correctly at the start. |
zpytela
pushed a commit
to fedora-selinux/selinux-policy
that referenced
this issue
Dec 8, 2022
For the same reasons ostree and rpm-ostree are. xref containers/bootc#24
Merged
zpytela
pushed a commit
to fedora-selinux/selinux-policy
that referenced
this issue
Apr 15, 2024
For the same reasons ostree and rpm-ostree are. xref containers/bootc#24 Resolves: RHEL-19199
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ah yes, this bites again 😢
Today e.g. rpm-ostree runs as
install_t
which lets it set unknown security contexts. We need to do the same...maybe hack in a quicksetexeccon()
or so.The text was updated successfully, but these errors were encountered: