Developers of packages please pay attention to selinux labeling.
Daniel J Walsh
dwalsh at redhat.com
Tue Jul 13 15:01:54 UTC 2010
On 07/13/2010 10:37 AM, Till Maas wrote:
> On Tue, Jul 13, 2010 at 08:55:47AM -0400, Daniel J Walsh wrote:
>> If you are changing the locate of an executable or libraries the
>> executables write to, please make sure SELinux labels are still
>> consistant or contact the selinux developers for help. IF you update a
>> package in a released version of Fedora and change the locations you
>> MUST make sure it still works with selinux in enforcing mode.
>
> I do not understand the "the executables write to" part of the condition
> of what is bad and therefore not at all what needs to be avoided.
>
> Is it possible to move a library from /usr/lib to /lib without breaking
> selinux?
>
> Regards
> Till
>
Usually yes.
matchpathcon /usr/lib/mylib.so
matchpathcon /lib/mylib.so
If they are the same no problem, if they are different talk to us.
More information about the devel
mailing list