Developers of packages please pay attention to selinux labeling.

[Peter Gordon]

Adam Williamson <awilliam at redhat.com> wrote:

>On Tue, 2010-07-13 at 16:33 +0100, Pádraig Brady wrote:
>> On 13/07/10 15:47, Tomasz Torcz wrote:
>> > On Tue, Jul 13, 2010 at 03:11:44PM +0100, Christopher Brown wrote:
>> >>>
>> >>> As long as you give us a heads up we can prevent these types of blowups.
>> >>> Since this policy is shared between yum, packagekit
>> >>
>> >> Whilst I appreciate your huge efforts to provide users with a more
>> >> secure system, you need to realise that SELinux as it stands at the
>> >> moment is utterly broken. As you clearly don't think this is the case,
>> >> please spend some time in userland before beating on developers for
>> >> not caring about this.
>> > 
>> > 
>> >   On the other hand, I cannot understand why packagers submit packages that
>> > have no chance to work in default Fedora settings, with SELinux in Enforcing mode.
>> 
>> Nobody I know enables SELinux.
>> smolt says about half leave it enabled:
>> http://smolts.org/static/stats/stats.html
>> But I'm guessing a lot of experienced users/devs
>> disable it given previous experiences...
>> It's a bit of a catch 22 really.
>> 
>> Personally I do momentarily enable to test but always disable
>> because of _hundreds_ of errors in the applet thingy.
>> Enabling in non enforcing mode causes a huge performance hit,
>> causing for example the "do you want to kill" dialog to pop up
>> when I try to quit firefox.
>
>I have it enabled all the time on all my machines, and have never seen
>either problem. I only get a small number of alerts, which I always
>report to Bugzilla. I find Dan usually fixes them very quickly.
>-- 
>Adam Williamson
>Fedora QA Community Monkey
>IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
>http://www.happyassassin.net
>
>-- 
>devel mailing list
>devel at lists.fedoraproject.org
>https://admin.fedoraproject.org/mailman/listinfo/devel