Proposal: ReadOnlyDirectories /etc and /usr for network-services
Reindl Harald
h.reindl at thelounge.net
Thu Jul 25 19:10:17 UTC 2013
On 25.07.2013 21:06, drago01 wrote:
> On Thu, Jul 25, 2013 at 9:01 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>>> There might still be bugs in them (and/or in the selinux-policy package).
>>> Being more specific would be way more productive. Like "my app tries
>>> to do X but fails with the following message"
>>
>> my app does not exist outside the own infrastructure
>>
>
> How does that even matter? That does not mean that your app is unfixable.
> Unless it is a closed source thing and your developer left.

I am the developer

> "I have a custom developed app that tries to do X but then I get an
> AVC like ....." is a completely valid bug report.
>
> You will either get an answer like "do it that way instead and it will
> work" or "oh this is a bug fixed in selinux-policy version foo.x.y"

you refuse to understand that "do it that way instead" is no option
for some hundred thousand lines of code working *perfectly* since
years and have to work together on a whole cluster

however, I am not interested to discuss a lifetime-work doing
exactly as it should which can be *more* secure as it already is
with two lines in a systemd-unit which is done, up and working
for hours

someone may consider to do the same or not
it does not have impact on my workload