Developers of packages please pay attention to selinux labeling.
Tomasz Torcz
tomek at pipebreaker.pl
Tue Jul 13 14:47:40 UTC 2010
On Tue, Jul 13, 2010 at 03:11:44PM +0100, Christopher Brown wrote:
> >
> > As long as you give us a heads up we can prevent these types of blowups.
> > Since this policy is shared between yum, packagekit
>
> Whilst I appreciate your huge efforts to provide users with a more
> secure system, you need to realise that SELinux as it stands at the
> moment is utterly broken. As you clearly don't think this is the case,
> please spend some time in userland before beating on developers for
> not caring about this.
On the other hand, I cannot understand why packagers submit packages that
have no chance to work in default Fedora settings, with SELinux in Enforcing mode.
There are sometimes such obvious errors and missing labels that I cannot imagine
not catching an audit message when program fails to even start!
There should be no excuses, especially when asking Dan is so simple and he
is always patient and helpful.
--
Tomasz Torcz ,,If you try to upissue this patchset I shall be seeking
xmpp: zdzichubg at chrome.pl an IP-routable hand grenade.'' -- Andrew Morton (LKML)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 238 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100713/3113d41e/attachment.bin
More information about the devel
mailing list