Re: Developers of packages please pay attention to selinux labeling.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 13, 2010 at 2:55 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> If you are changing the locate of an executable or libraries the
> executables write to, please make sure SELinux labels are still
> consistant or contact the selinux developers for help.  IF you update a
> package in a released version of Fedora and change the locations you
> MUST make sure it still works with selinux in enforcing mode.
>
> packagekit got released this to F13 and Rawhide this week and changed
> its location. packagekitd should be labeled rpm_exec_t,  Since it moved
> it got the default label and is now running unconfined.  This causes
> labels to get screwed up and lots of bugs are being reported on it.  It
> gives SELinux a bad name.  And it makes our user community mad.  SELinux
> has been around a long time.  Packages should be using it at least in
> testing.  This is unacceptable.

Yeah updating (core!) packages like PackageKit without even testing it
with the default setup *is* indeed unacceptable.

Image a kernel update that eats your data on ext4 but has not been
tested on it because the maintainer happens to run $othernondefaultfs
(yes not really the same scale; but it shows how wrong this behavior
is).
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux