Fedora buildsys and SELinux

Karsten 'quaid' Wade kwade at redhat.com
Wed Apr 16 20:57:10 UTC 2008 

As announced on fedora-devel-list[1], we'd like to come to a resolution
(consensus, actions) on the challenges we have with SELinux in the
Fedora build system.

I expect the following:

* All the parties are here now needed to figure this out
* Someone better than me is going to reply with specifics about what is
not working in the buildsys
* We all agree it's pretty important to get this figured out in a good
way

One example of a project blocking on this work is the Fedora spin
server.  We would have to put a non-SELinux secured server in the loop
somewhere for the actual spin building, and any way we do that is going
to be hacky and whacky.

The main problem I see outside of the technical issues is a marketing
one.  Fedora's infrastructure is a set of open tools that anyone can
download and make work themselves.  We know that people do that.  Fedora
Infrastructure is a feature producer; just as Fedora Docs supplies a
full-course documentation toolchain, so does Infrastructure supply a
full-course FLOSS project toolset.[2]

We do *not* want to be explaining that a new feature doesn't work with
SELinux.  At the very minimum, we have been consistent about the value
of SELinux in Fedora, and to ship something as a Fedora feature that
cannot run under SELinux ... well, that would be bad.

This is why other Fedora folks are asking the Fedora SELinux team to
take this off the backburner.

Thanks - Karsten

[1] https://www.redhat.com/archives/fedora-devel-list/2008-April/msg01064.html

[2] Yep, that's right; Fedora Infrastructure is a feature of Fedora.
For example, the new grid project 'Fedora Sleepwalker' is looking to get
integrated into firstboot or some kind of JoinBuddy.  When that happens,
adding your install to the Fedora Sleepwalker grid is going to be touted
as a major feature for that release.
-- 
Karsten Wade, Sr. Developer Community Mgr.
Dev Fu : http://developer.redhatmagazine.com
Fedora : http://quaid.fedorapeople.org
gpg key : AD0E0C41
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20080416/392f511e/attachment.bin

More information about the selinux mailing list