Developers of packages please pay attention to selinux labeling.
Christopher Brown
snecklifter at gmail.com
Tue Jul 13 13:28:09 UTC 2010
On 13 July 2010 13:55, Daniel J Walsh <dwalsh at redhat.com> wrote:
> If you are changing the locate of an executable or libraries the
> executables write to, please make sure SELinux labels are still
> consistant or contact the selinux developers for help. IF you update a
> package in a released version of Fedora and change the locations you
> MUST make sure it still works with selinux in enforcing mode.
>
> packagekit got released this to F13 and Rawhide this week and changed
> its location. packagekitd should be labeled rpm_exec_t, Since it moved
> it got the default label and is now running unconfined. This causes
> labels to get screwed up and lots of bugs are being reported on it. It
> gives SELinux a bad name. And it makes our user community mad. SELinux
> has been around a long time. Packages should be using it at least in
> testing. This is unacceptable.
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a system that has ONLY JUST BEEN INSTALLED.
Please, for the love of everything, stop it.
</wasted breath> (my assumption here - this nonsense has been going on
for so many releases I've lost count).
--
Christopher Brown
More information about the devel
mailing list