selinux breaks revisor
Valent Turkovic
valent.turkovic at gmail.com
Tue Jan 22 18:22:40 UTC 2008
John Dennis wrote:
> Valent Turkovic wrote:
>> 2008/1/22 Jesse Keating <jkeating at redhat.com>:
>>> On Tue, 22 Jan 2008 13:29:03 +0100
>>> "Valent Turkovic" <valent.turkovic at gmail.com> wrote:
>>>
>>>> I tested revisor and wanted to make an up to date version of Fedora 8
>>>> Live CD - but selinux put a stop to that.
>>> Selinux is not going to work at all for things like revisor (and
>>> pungi/livecd-creator). Both make use of chroots to install packages
>>> into, and in certain cases you can wind up causing lots of harm to your
>>> host system (installing a new policy in the chroot will actually cause
>>> that policy to activate on the running kernel and then you have policy
>>> that doesn't match labels, watch the fun!).
>>>
>>> It is strongly recommended that you disable SELinux or at least put it
>>> in permissive if you're going to be doing composes.
>>
>> Is there a was to make selinux aware of that or atleast put a
>> notification window saying that you need to disable selinux in order
>> to use revisor?
>
> Revisor could be aware of SELinux and provide a warning, SELinux cannot
> do this.
>
>> One more issue for removing selinux as I said in an earlier thread :)
>> Selinux breaks features by desing and in a bad way, and I as a user
>> see more trouble from selinux than it is worth (just MHO).
>
> Your dissatisfaction with SELinux has been duly noted by the list, you
> are free to disable it. However, we would prefer contributions to make
> the distribution more robust and smooth out the bumps rather than
> disabling the technology. Your choice.
>
I started to like selinux because all of you great fedora devels said
nothing but praises for it, but still it seams that any "feature" I test
seams to break because of selinux.
But don't worry you all convinced me that selinux has a good reason to stay.
Valent.
More information about the devel
mailing list