On Thu, 2007-10-18 at 09:35 +0200, Nicolas Mailhot wrote:
> Le jeudi 18 octobre 2007 à 10:16 +0300, Panu Matilainen a écrit :
>
> > Amen. If the labels were universally set in stone, it might make sense to
> > store into rpm but as they can and do vary between policy versions,
> > different policies and local custom policies...
>
> You could make the same arguments for user names, unix permissions or
> file location — a lot them have different values in the wild than in
> Fedora and yet we store our policy in rpm.
>
> It all goes down to whether we want to make selinux a first-class
> citizen, provide good selinux support by default, and make Fedora policy
> choices, or keep it in the current netherworld where most Fedora
> packagers do not feel concerned and users learn to add selinux=false to
> their grub config.
>
> There is no middle ground. Middle ground is just a way to avoid fixing
> problems, confuses people and makes them avoid the thing like the
> plague.
Yes, but sticking only file labels into the spec and not the rest of the
policy associated to the package is the same middle ground only slightly
shifted.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
