#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Saturday 14th January 2012 ===
==== Local Packages ====
 * Updated `perl-Email-Address` to 1.894:
   * Note that the use of the regex vars is not a great idea

==== Buildsystem SELinux Fix ====
The `mock` tool for building packages in a `chroot` includes an SELinux plug-in to try to fool processes running in the `chroot` that SELinux is ''disabled'' (even on systems where the host has SELinux ''enforcing'', which is the case on all of my systems) by creating a fake `/proc/filesystems` that doesn't include `selinuxfs`. This is necessary because files unpacked into the `chroot` don't get labelled as they would if they were installed normally, and in any case they might be targeting a distribution with a very different policy than the host. This works fine in most cases, but for the now-EOL Fedora releases 7 through to 11, it doesn't work because the `libselinux` versions there don't check for SELinux in the same way. I had a hack in my buildsystem to cater for this, namely to create a fake `/selinux/enforce` file containing just "`0`" to trick those versions of `libselinux` into thinking that SELinux is in ''permissive'' mode. This is sufficient to get SELinux-aware applications such as `sshd` working properly, which is necessary for the `libssh2` test suite. However, in Fedora 16 the `selinuxfs` mount point moved from `/selinux` to `/sys/fs/selinux`, and, since `/sys` is bind-mounted into the `chroot` by `mock` and it's not possible to create/write to arbitrary files in that hierarchy, a different approach was needed.

What I did was to create a directory "`/srv/buildsys/mock-selinux`" on my buildsystem, containing one file "`enforce`", containing just "`0`", and then bind-mounting that on top of `/sys/fs/selinux` in the `chroot`, using this addition to my `mock` configuration for those releases:
{{{
config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/buildsys/mock-selinux', '/sys/fs/selinux'))
}}}
Worked a treat :-)
----
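As an added illustration (not code from the original entry), the same setup written as a helper that a `mock` configuration file could call: it creates the fake `enforce` file read-only and appends the bind mount once, only for Fedora 7 to 11 targets. The function names, the `fedora-N-arch` root naming and the temporary directory used in the demo are assumptions.

```python
import os
import re
import tempfile

AFFECTED_RELEASES = range(7, 12)      # Fedora 7 through 11, per the entry above
CHROOT_SELINUXFS = "/sys/fs/selinux"  # where the fake directory is mounted


def needs_fake_enforce(root_name):
    """True if a mock root such as 'fedora-11-i386' targets Fedora 7-11."""
    m = re.match(r"fedora-(\d+)-", root_name)  # naming scheme is an assumption
    return bool(m) and int(m.group(1)) in AFFECTED_RELEASES


def prepare_fake_selinuxfs(host_dir):
    """Create host_dir/enforce containing just '0' and make it read-only."""
    os.makedirs(host_dir, mode=0o755, exist_ok=True)
    path = os.path.join(host_dir, "enforce")
    if os.path.exists(path):
        os.chmod(path, 0o644)  # let a non-root owner rewrite an earlier copy
    with open(path, "w") as fh:
        fh.write("0")
    os.chmod(path, 0o444)      # builds only ever need to read it
    return path


def add_selinux_bind_mount(config_opts, host_dir):
    """Append the bind mount once, and only for affected targets."""
    if not needs_fake_enforce(config_opts.get("root", "")):
        return False
    dirs = (config_opts.setdefault("plugin_conf", {})
            .setdefault("bind_mount_opts", {})
            .setdefault("dirs", []))
    entry = (host_dir, CHROOT_SELINUXFS)
    if entry not in dirs:      # idempotent: no duplicate mounts on re-read
        prepare_fake_selinuxfs(host_dir)
        dirs.append(entry)
    return True


if __name__ == "__main__":
    # Constructed demo: a temporary directory stands in for the real path.
    host = os.path.join(tempfile.mkdtemp(), "mock-selinux")
    for root in ("fedora-11-i386", "fedora-16-x86_64"):
        opts = {"root": root}
        print(root, add_selinux_bind_mount(opts, host), opts.get("plugin_conf"))
```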