Re: Latest Seamonkey update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jim Cornette wrote:

Rahul wrote:

Jim Cornette wrote:
I don't mind the browser being replaced with an individual application vs a suite of integrated applications for email, browsing and editing. I miss the missing editing feature the most.
How in the world do you get seamonkey and its corresponding .so files into the selinux fold? Or better yet, are there guidelines and assistance given to the Fedora-Extras maintainer that allow their rpms to set items to the needed SELinux content, in order to work out of the box?
Just file a bug report with the relevant information in this thread. There is a draft guide that package maintainers can follow to write policies when required. SELinux denials can also indicate broken code which needs to be fixed. 

http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules

For end user docs, see http://fedoraproject.org/wiki/SELinux

Rahul
Thanks for the links. I am still having troubles grasping the management of SELinux. It is debatable as to how far one is willing to venture in order to get a desired program to work or just render SELinux totally ineffective by putting it in permissive or disabling it altogether.
With a modification applied that firefox and thunderbird use in selinux policies, seamonkey works again and SELinux is crippled as it is for other mozilla derived applications. It is active again though. 

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202642
leads to the previously discussed bug which was closed. Comment #8 from the close bug report works to allow SELinux to remain in enforcing instead of disabled systemwide.
Until such time as the contexts are fixed in selinux-policy, this should work:
# semanage fcontext -a -f -- -t textrel_shlib_t '/usr/lib(64)?/seamonkey.*\.so' 
# restorecon -rv /usr/lib*/seamonkey*

(that's two commands, in case of line-wrap)
This should not only survive a relabel but should also result in seamonkey updates getting the right contexts as soon as they're installed. 

Paul.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux