Drawing lessons from fatal SELinux bug #1054350

Heiko Adams ml at fedora-blog.de
Fri Jan 24 19:32:42 UTC 2014

Am Freitag, den 24.01.2014, 19:18 +0100 schrieb drago01:
> On Fri, Jan 24, 2014 at 7:12 PM, Fabian Deutsch <fabian.deutsch at gmx.de> wrote:
> > Am Freitag, den 24.01.2014, 00:55 +0100 schrieb Kevin Kofler:
> >> it is time to analyze the fallout from the following catastrophic
> >> Fedora 20
> >> regression:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1054350
> >> "rpm scriptlets are exiting with status 127"
> >
> > Hey,
> >
> > can't we add a default boot entry which starts the system in permissive
> > mode?
> How would that help? If a user knows enough about the issue to try it
> he/she could just switch to permissive mode.

Having the ability to revoke stable updates an a way to handle automatic
downgrades of revoked updates including a temporary switching SELinux to
permissive mode would IMHO be a better solution for the case a buggy
update went to stable and the system is still up and running. With this
way the user has nothing more to do than running a new update-check.

Heiko Adams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140124/e9eb3377/attachment-0001.sig>

More information about the devel mailing list