Drawing lessons from fatal SELinux bug #1054350

Adam Williamson awilliam at redhat.com
Fri Jan 24 17:41:13 UTC 2014


On Fri, 2014-01-24 at 10:58 +0100, Sergio Pascual wrote:
> 2014/1/24 Ralf Corsepius <rc040203 at freenet.de>
>         
>         Certainly, downgrading installations which already upgraded to
>         faulty packages would not work.
>         
>         Ralf
>         
> 
> 
> The situation (a broken system that cannot be upgraded)  could be
> mitigated a little bit by using yum + system snapshots. You can
> rollback to a previous sane system.
> 
> There is a plugin yum-plugin-fs-snapshot, but it requires better
> documentation and system integration.
> 
> 
> Currently (I don't know how current is F16 documentation) it requires
> running lvm by hand 
> 
> http://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/sec-Plugin_Descriptions.html

AIUI there is/was a long-term plan to integrate this as core
functionality using btrfs snapshots - in fact that was one of the major
attractions of the idea of switching to btrfs-by-default in the first
place. I believe those involved didn't think the LVM-based
implementation was clean/robust enough to use by default, but a
btrfs-based implementation would be. Do correct me if I'm wrong.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net



More information about the devel mailing list