Developers of packages please pay attention to selinux labeling.
Adam Williamson
awilliam at redhat.com
Tue Jul 13 21:16:34 UTC 2010
On Tue, 2010-07-13 at 16:45 +0200, Nicolas Mailhot wrote:
> Le 13/07/2010 15:30, Rahul Sundaram a écrit :
> >
> > On 07/13/2010 06:58 PM, Christopher Brown wrote:
> >> No. SELinux is unacceptable when it displays ridiculous warning
> >> messages to users telling them it has detected suspicious activity on
> >> a system that has ONLY JUST BEEN INSTALLED.
> >>
> >
> > That should have failed the release criteria as it is written
> > currently.
>
> IIRC pyzor, for example, has never worked on an selinux system, as it
> tries to write stuff in / (and no one has minded for many releases)
If it's not installed by default, we don't care (as far as the release
criteria go).
The criterion Rahul is referencing is:
"In most cases, there must be no SELinux 'AVC: denied' messages or abrt
crash notifications on initial boot and subsequent login (see
Blocker_Bug_FAQ)"
from the final release criteria -
https://fedoraproject.org/wiki/Fedora_14_Final_Release_Criteria .
The 'In most cases' is a standard weasel clause we use when we might
want to not fix an issue that would technically breach the criteria if
it would only show up in really odd circumstances - for instance, if you
have to have three rare bits of hardware installed in conjunction before
you'd hit the denial, or something like that.
The test case for validating this criterion is:
https://fedoraproject.org/wiki/QA:Testcase_desktop_error_checks
note that it doesn't test non-default package sets, and doesn't test
actively *running* applications, only booting to a default desktop.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the devel
mailing list