Developers of packages please pay attention to selinux labeling.

Pádraig Brady P at draigBrady.com
Tue Jul 13 15:33:46 UTC 2010


On 13/07/10 15:47, Tomasz Torcz wrote:
> On Tue, Jul 13, 2010 at 03:11:44PM +0100, Christopher Brown wrote:
>>>
>>> As long as you give us a heads up we can prevent these types of blowups.
>>> Since this policy is shared between yum, packagekit
>>
>> Whilst I appreciate your huge efforts to provide users with a more
>> secure system, you need to realise that SELinux as it stands at the
>> moment is utterly broken. As you clearly don't think this is the case,
>> please spend some time in userland before beating on developers for
>> not caring about this.
> 
> 
>   On the other hand, I cannot understand why packagers submit packages that
> have no chance to work in default Fedora settings, with SELinux in Enforcing mode.

Nobody I know enables SELinux.
smolt says about half leave it enabled:
http://smolts.org/static/stats/stats.html
But I'm guessing a lot of experienced users/devs
disable it given previous experiences...
It's a bit of a catch-22 really.

Personally I do momentarily enable to test but always disable
because of _hundreds_ of errors in the applet thingy.
Enabling in non-enforcing mode causes a huge performance hit,
causing for example the "do you want to kill" dialog to pop up
when I try to quit Firefox.

cheers,
Pádraig.

