Re: F35 3x slower boot than F34

Vitaly Zaitsev via devel writes:

On 05/09/2021 14:52, Sam Varshavchik wrote:
if only a great, overwhelming majority of Fedora package maintainers were able to write policies for their own packages and maintain it themselves because SELinux documentation was ample and easy to follow

https://pagure.io/packaging-committee/issue/726
https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft

Which parts of the above describe, and explain, how to write the SELinux policy itself? Once it's written that's a great piece of documentation to follow, to explain how to package this policy. But this is putting the cart before the horse. The package maintainers have to actually understand how to write SELinux policies, first.

The problem isn't the technical details of how to package an SELinux policy with the package.

The problem is the domain knowledge needed to write that SELinux policy in the first place. It's siloed mostly in the selinux package itself. I assert that the documentation above is not going to be useful to 95% of the package maintainers. A few of them will know how to write a policy, and then follow the above wiki. The rest will not. Prove me wrong.

I posted this link before:

https://raw.githubusercontent.com/svarshavchik/libcxx/master/packaging/fedora/libcxx.te

Where is the documentation that explains /all/ of the above, and what it means? I wrote that policy, of course, but even now, just a short time later, I can't for the life of me tell you where all that documentation is. Because there isn't, I had to figure out based on scraps of other selinux policies that I looked at, and based on my experience with other stuff that did NOT involve SELinux.

You will not find any documentation that explains /all/ of that on https://selinuxproject.org

And at most 5% of the above is explained in

https://selinuxproject.org/page/RefpolicyWriteModule

And until the state of the world is such that SELinux is not a siloed domain, that it's amply documented, and package maintainers have documentation that they can use to write their own policy, for the package that they fully understand and support, SELinux will continue to break random stuff, over and over again.
