Developers of packages please pay attention to selinux labeling.

Rahul Sundaram metherid at gmail.com
Tue Jul 13 12:58:24 UTC 2010


On 07/13/2010 06:25 PM, Daniel J Walsh wrote:
> If you are changing the location of an executable or libraries the
> executables write to, please make sure SELinux labels are still
> consistent or contact the selinux developers for help.  If you update a
> package in a released version of Fedora and change the locations you
> MUST make sure it still works with selinux in enforcing mode.
>
> packagekit got released to F13 and Rawhide this week and changed
> its location. packagekitd should be labeled rpm_exec_t.  Since it moved
> it got the default label and is now running unconfined.  This causes
> labels to get screwed up and lots of bugs are being reported on it.  It
> gives SELinux a bad name.  And it makes our user community mad.  SELinux
> has been around a long time.  Packages should be using it at least in
> testing.  This is unacceptable.
>   

Wasn't there a move earlier to move policies to the packages instead of
maintaining everything centrally?  As long as it is abstracted away from
me, I don't really pay much attention to it.  If it was part of my
package, I probably can keep it updated better.

Rahul
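
An added example, not part of the original thread: a packaging-time check for the failure described in the quoted message, where a moved executable stops matching its file-context entry and picks up a more generic label. The daemon name `exampled`, the paths, and the policy entries are constructed for illustration, and the "last matching entry wins" lookup is a simplification of how the real file-context database is ordered.

```python
import re

# Constructed file_contexts-style entries (path regex, SELinux type).
# These are illustrative only, not Fedora's real policy.
FILE_CONTEXTS = [
    (r"/usr/.*", "usr_t"),
    (r"/usr/libexec(/.*)?", "bin_t"),
    (r"/usr/sbin(/.*)?", "bin_t"),
    (r"/usr/sbin/exampled", "rpm_exec_t"),
]


def expected_type(path, contexts=FILE_CONTEXTS):
    """Type the policy would assign to path.

    Simplification: entries are assumed to be ordered from most generic
    to most specific, and the last entry matching the whole path wins.
    """
    result = None
    for pattern, setype in contexts:
        if re.fullmatch(pattern, path):
            result = setype
    return result


def label_regressions(old_files, new_files, contexts=FILE_CONTEXTS):
    """Compare two package file lists and report moved files whose
    expected label differs between the old and the new location."""
    old_by_name = {p.rsplit("/", 1)[-1]: p for p in old_files}
    findings = []
    for new_path in new_files:
        old_path = old_by_name.get(new_path.rsplit("/", 1)[-1])
        if old_path is None or old_path == new_path:
            continue  # new file, or not moved
        before = expected_type(old_path, contexts)
        after = expected_type(new_path, contexts)
        if before != after:
            findings.append((old_path, new_path, before, after))
    return findings


# Constructed file lists for the old and the updated package.
OLD_FILES = ["/usr/sbin/exampled", "/usr/share/doc/exampled/README"]
NEW_FILES = ["/usr/libexec/exampled", "/usr/share/doc/exampled/README"]

if __name__ == "__main__":
    for old, new, before, after in label_regressions(OLD_FILES, NEW_FILES):
        print(f"{old} -> {new}: label changes from {before} to {after}")
```

On an installed system, `matchpathcon <path>` performs the real lookup against the loaded policy, and `restorecon -n -v <path>` reports files whose on-disk label differs from it without changing anything.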




