On 10/13/2017 02:07 PM, Jerry James wrote: > On Sat, Oct 7, 2017 at 9:34 AM, Jerry James <loganjerry@xxxxxxxxx> wrote: ...snip... > But that's not the end of the fun. GCL failed the mass rebuild this > summer. It built successfully on every architecture but s390x. On > s390x, the build failed due to a failed call to mprotect(), almost > certainly a sign that SELinux was in enforcing mode on the builder. > Was that a known issue with s390x builders? And, if so, has it been > rectified since? If so, I'll try building again. The default config for all our builders is selinux permissive. Mostly because we have never had enough cycles to track down any problems with making them enforcing. However, I just checked and the s390x builders _were_ in enforcing mode. ;( They are not installed like all the rest of our builders (via kickstarts), but via a install image the mainframe admins made for us. Sorry this wasn't noticed until now. ;( I've set them all in permissive and tweaked our ansible playbooks to make sure all of them stay that way. > I still want the system policy to account for GCL, in some way or > another. But, as you can see from the quoted text above, submitting a > pull request to the relevant git repository has resulted in months of > <crickets chirping>. And pointing that out on this list last weekend > has resulted in still more of the crickets. > > So ... what is a packager supposed to do???? Why is it so hard to get > any attention for submissions to the system SELinux policy? There > should be a barrier to entry; I understand that. But I can't even get > the gatekeeper to have a conversation with me. Heeeeellllllppppp!!! > > Frustratedly yours, I don't know. Others have expressed frustration with selinux policy maintainers of late as well. It's really hard to say what the trouble is... are there to few of them? Overtasked with other work? Workflow too difficult? Perhaps we can get FESCO or someone to work with them and try and come up with a more open and working workflow. I'm not sure what the answer is here. kevin
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx