Drawing lessons from fatal SELinux bug #1054350

Adam Williamson awilliam at redhat.com
Fri Jan 24 00:02:40 UTC 2014


On Fri, 2014-01-24 at 00:55 +0100, Kevin Kofler wrote:
> Hi,
> "catastrophic Fedora 20 regression"
> https://bugzilla.redhat.com/show_bug.cgi?id=1054350
> "rpm scriptlets are exiting with status 127"
> "EVERYONE"
> "IMPOSSIBLE" to fix this using GUI tools installed by default. The
> "some stupid reason (because somebody decided to make it as painful as possible to disable that 
> SELinux junk?"
> "dreaded thing"
> "(or even operating system)!"
> "BRICKED."
> "The ONLY thing that tool is designed to do at all is PREVENT things. It does 
> not have a SINGLE feature"
> (read: single point of failure!)
> (scalability disaster!)
> duplication of all logic!)
> (Note the 3 (!) major antipatterns in a single-sentence (!) description of how SELinux works!)
> BREAKS
> draconian Update Policies
> vain attempt
> utterly failed
> default! Just consider the benefits (none!)
> If we want to have any users left, SELinux needs to go away NOW!
> The Update Policies must be repealed
> totally failed

> Why would we stick our heads in the sand this time?
> 
> DISABLE/DROP SELINUX NOW!

That's a great way to go about having a calm and reasoned discussion and
building consensus, Kevin.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net



More information about the devel mailing list