Jeremy Katz a écrit :
We ensure that contexts are all set correctly at the end with a
restorecon. The biggest "problem" with being in enforcing mode vs
permissive is you can get a flood of AVCs
I am not sure I get this: do you mean a flood of AVCs on the build host _while_ setting
all contexts at the end with restorecon?
I never noticed something like this.
SELinux being disabled only works if your live image config has
Sounds reasonable enough.