> IMO, there's a rather desperate need to be able to override the system-wide policy for individual processes, maybe via some sort of wrapper around one of the containerization technologies.
There's part of me that's almost surprised that there's not an SELinux Policy flag of some kind that would restrict or allow access of individual applications from using certain crypto bits. That seems like something that someone would have cooked up before, but perhaps it's just too intrusive into every other piece of software for even the SELinux team to want to futz with.
Alternatively I wouldn't be surprised if at some point the industry doesn't unofficially opt for a legacy openssl option which could be utilized by legacy code, but still allow all the modern code to use the new stuff. But of course if that did exist, tons of people would just refuse to update their code and deps because they have an option not to.
On Mon, May 2, 2022 at 9:56 AM Ian Pilcher <arequipeno@xxxxxxxxx> wrote:
It sure feels like we're reaching the point where anyone who has to work
with any sort of older equipment or servers is going to to forced to
switch their entire system to the LEGACY policy, which seems really
unfortunate.
IMO, there's a rather desperate need to be able to override the system-
wide policy for individual processes, maybe via some sort of wrapper
around one of the containerization technologies.
--
========================================================================
Google Where SkyNet meets Idiocracy
========================================================================
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure