On Tue, Jul 13, 2010 at 2:55 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > If you are changing the locate of an executable or libraries the > executables write to, please make sure SELinux labels are still > consistant or contact the selinux developers for help. IF you update a > package in a released version of Fedora and change the locations you > MUST make sure it still works with selinux in enforcing mode. > > packagekit got released this to F13 and Rawhide this week and changed > its location. packagekitd should be labeled rpm_exec_t, Since it moved > it got the default label and is now running unconfined. This causes > labels to get screwed up and lots of bugs are being reported on it. It > gives SELinux a bad name. And it makes our user community mad. SELinux > has been around a long time. Packages should be using it at least in > testing. This is unacceptable. Yeah updating (core!) packages like PackageKit without even testing it with the default setup *is* indeed unacceptable. Image a kernel update that eats your data on ext4 but has not been tested on it because the maintainer happens to run $othernondefaultfs (yes not really the same scale; but it shows how wrong this behavior is). -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
