Re: [Libguestfs] selinux question and answer

On Wed, Aug 12, 2009 at 10:01:39AM -0400, Eric Paris wrote: > On Wed, 2009-08-12 at 14:40 +0100, Richard W.M. Jones wrote: > > After a bit of an epic struggle with a RHEL 5 guest, and thanks to > > (3) We must run every external command (eg. "rpm") via the shell, so > > in libguestfs using "sh", never "command". > > Correct. There is another (maybe harder?) option. If you want to still > be able to run things directly from your daemon you'll need to get the > daemon labeled unconfined_t. This would mean calling setexecon() and > then re-execing the daemon. We were just talking about this, and in fact this may be possible for us to do relatively easily. Question: can we use setexeccon before any policy has been loaded? Does it need /selinux? (I'm guessing no, yes).