Developers of packages please pay attention to selinux labeling.

[Christopher Brown]

On 13 July 2010 13:55, Daniel J Walsh <dwalsh at redhat.com> wrote:
> If you are changing the locate of an executable or libraries the
> executables write to, please make sure SELinux labels are still
> consistant or contact the selinux developers for help.  IF you update a
> package in a released version of Fedora and change the locations you
> MUST make sure it still works with selinux in enforcing mode.
>
> packagekit got released this to F13 and Rawhide this week and changed
> its location. packagekitd should be labeled rpm_exec_t,  Since it moved
> it got the default label and is now running unconfined.  This causes
> labels to get screwed up and lots of bugs are being reported on it.  It
> gives SELinux a bad name.  And it makes our user community mad.  SELinux
> has been around a long time.  Packages should be using it at least in
> testing.  This is unacceptable.

No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a system that has ONLY JUST BEEN INSTALLED.

Please, for the love of everything, stop it.

</wasted breath> (my assumption here - this nonsense has been going on
for so many releases I've lost count).

-- 
Christopher Brown