Developers of packages please pay attention to selinux labeling.
Manuel Wolfshant
wolfy at nobugconsulting.ro
Tue Jul 13 14:18:46 UTC 2010
On 07/13/2010 05:11 PM, Christopher Brown wrote:
> [...]
> Whilst I appreciate your huge efforts to provide users with a more
> secure system, you need to realise that SELinux as it stands at the
> moment is utterly broken. As you clearly don't think this is the case,
> please spend some time in userland before beating on developers for
> not caring about this.
>
> If we can't even build (and QA!) a system that ships without SELinux
> warnings, there is clearly a problem. Adding SELinux checks to Fedora
> development slows things down even further. You really need to work
> with the AutoQA people to get this automated. Developers simply
> shouldn't have to worry about this.
>
> I understand wanting SELinux checks for *EL but for Fedora? Seriously?
>
> Wow, just wow.
I am sorry, Christopher but I have to partially disagree with you. There
is absolutely no reason to make Fedora any less secure than *EL. Or any
less secure that it can be. Yes, selinux can be cumbersome at times.
Yes, it can be improved. But that cannot be done without proper feedback.
And yes, AutoQA doing selinux checks is a good idea.
Manuel
More information about the devel
mailing list