On Fri, Oct 9, 2009 at 9:21 AM, Mike Cloaked <mike.cloaked@xxxxxxxxx> wrote:
>
> By the way there was one other thing I did to make sure that selinux should
> work when I made the bind mount to the changed chroot area:
>
>
> Mike Cloaked wrote:
>>
>>
>> 1) I wanted to have the files in the /opt partition so as not to use up
>> the limited space in the root partition so I did this, but it is not
>> essential.
>> Changed the directory where the mock files are going to be on the /opt
>> partition
>> As root:
>> mkdir /opt/Local/mock
>>
>>
>
> Now make an equivalence of the security contexts for this new area to be the
> same as the original by
> semanage fcontext -a -e /var/lib/mock /opt/Local/mock
> Then
> restorecon /opt/Local/mock should give the same contexts as /var/lib/mock
> and this can be checked using
> ll -Z /opt/Local/mock
> ll -Z /var/lib/mock
>
> Check the mock directory has the correct permissions
> ll -Zd /opt/Local/mock
> drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /opt/Local/mock
> ll -Zd /var/lib/mock
> drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /var/lib/mock
>
> Then the recipe is as I gave in the previous post.
>
> I ran the build with selinux enforcing and it seems to have worked just fine
> - at least no AVCs popped up!
>
>
> --
> View this message in context: http://www.nabble.com/kickstart----refreshing-rpm%27s.-tp25811684p25824016.html
> Sent from the Fedora List mailing list archive at Nabble.com.
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>

Lotsa great thoughts. My initial thought was that I could maybe mount OVER
the current iso so when anaconda does the install it uses the latest rpm. I
may be barking up the wrong tree and anaconda may complain.
I've read about filesystems that can be mounted with, say, a full image and
then a file with changes that override the base system (forget the name). Any
thoughts on this or am I just creating work for myself? I could do it the
%post way mentioned, just need to make the head node run nat in iptables. I
didn't want to do that -- it will get slower as the release ages into
obsolescence. So maybe having a local update repo.

Thanks much for all the feed.
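
The context and permission check from Mike Cloaked's quoted message, as an added example that is not part of the original thread: it compares two lines in the `MODE OWNER GROUP CONTEXT PATH` layout shown there and reports which fields differ. The function names and the `stat` format string are assumptions of this example; the two sample lines are copied from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Compares two directory listings in the
# layout quoted in the thread:  MODE OWNER GROUP CONTEXT PATH

# Sample lines copied from the thread's `ll -Zd` output.
REF_LINE='drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /var/lib/mock'
NEW_LINE='drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /opt/Local/mock'

# Hypothetical helper: emit the same layout for a live directory (GNU stat).
# Compare two live_line outputs with each other; stat omits the trailing "."
# that ls appends to the mode string.
live_line() {
    stat -c '%A %U %G %C %n' "$1"
}

# field LINE N: print the Nth whitespace-separated field of LINE.
field() {
    printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'
}

# compare_labeling REF NEW: print every differing field, return 1 on any
# mismatch or if NEW carries no SELinux label at all.
compare_labeling() {
    ref=$1; new=$2; rc=0; i=1
    for name in mode owner group context; do
        a=$(field "$ref" "$i")
        b=$(field "$new" "$i")
        if [ "$a" != "$b" ]; then
            printf 'MISMATCH %s: %s != %s\n' "$name" "$a" "$b"
            rc=1
        fi
        i=$((i + 1))
    done
    # GNU ls and stat print "?" when a file has no security context.
    if [ "$(field "$new" 4)" = "?" ]; then
        printf 'UNLABELED: %s\n' "$(field "$new" 5)"
        rc=1
    fi
    return "$rc"
}

# Demo on the thread's own lines.
if compare_labeling "$REF_LINE" "$NEW_LINE"; then
    echo "labeling matches"
fi
```

On a live system, `compare_labeling "$(live_line /var/lib/mock)" "$(live_line /opt/Local/mock)"` runs the same comparison against the real directories.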