Vitaly Zaitsev via devel writes:
On 05/09/2021 09:55, Philip Rhoades via devel wrote:My response to situations in the past where resolving the SELinux issue was opaque (usually to do with MTAs if I recall correctly) . . was just to disable SELinux and move on . .In over 10 years with Fedora, I've only had some SELinux problems. Fixed quickly after filling out RHBZ report.
I've had a few.Bug 1913276 was opened past January for a very obscure package named "NetworkManager". I guess few people use it, so it does not seem to be a priority.
Bug 1859974 was opened a year ago for the same obscure package, which blocks it from configuring certain run of the mill VPN configurations. It was not actioned, and EOLed. I guess this will remain broken. Who needs VPN connections, anyway?
Bug 1909522, same time frame. This package doesn't ship with Fedora, but selinux-policy-targeted provides a policy for it, and this is just one of the problems that I documented.
The background here is that Fedora, overall, would be quite useless if you can only run stuff on it that came in the distribution. So, obviously, it should be possible to build and install common software packages that just happens to be not in the distribution.
Now combine this with the fact that SELinux has to be enabled by default, and you wind up with the situation of SELInux maintainers having to write SELinux policies for stuff that's not even in the distribution, and that they don't fully understand (this is not a criticism, just a statement of fact).
I recall a few others, that I could probably dig up. Does this make sense to anyone?
I'm not complaining about this bug here, or the bugs that I cited. The problem is not the bugs, it's why these bugs keep happening in the first place.
Attachment:
pgpnTrRBYYQlG.pgp
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure