Drawing lessons from fatal SELinux bug #1054350

Michael Schwendt mschwendt at gmail.com
Fri Jan 24 20:38:14 UTC 2014


On Fri, 24 Jan 2014 21:06:29 +0100, Dominick Grift wrote:

> Agreed, the testers did not fail. Their issues were solved.

That doesn't match what one can read here:

  https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20

> They could not have found this issue in reason. 

Why not? Please explain.

> There was no change log entry for it, 

You make it sound as if the testers have tried to skim over the several
dozen Bugzilla ticket descriptions linked at
  https://admin.fedoraproject.org/updates/FEDORA-2014-0806/selinux-policy-3.12.1-116.fc20
in an attempt at trying to find out _what_ the update touches.

A fundamental problem here is that even if a tester confirms that the
update fixes a _single_ bug, the other several dozen changes could
cause a regression -> reason to be careful and test this thing a bit longer.

> and even if there was they would still need to be able to trace
> the bug to SELinux.

That has been easy once the update arrived here on the nearby mirror.
"setenforce 0 && repeat previous command that caused strange behaviour"
is a very common troubleshooting thing, even if there haven't been any
AVC denied messages.

