On Thu, 18 Oct 2007, Nicolas Mailhot wrote:
Le jeudi 18 octobre 2007 à 10:16 +0300, Panu Matilainen a écrit :
Amen. If the labels were universally set in stone, it might make sense to
store into rpm but as they can and do vary between policy versions,
different policies and local custom policies...
You could make the same arguments for user names, unix permissions or
file location — a lot them have different values in the wild than in
Fedora and yet we store our policy in rpm.
The difference here is that we don't even try to support several
different policies (including custom local policies on top of the distro
policies) for user names, permissions etc. If we did, we'd be in the very
same swamp as with SELinux currently.
The total lack of support for custom file permissions etc could well be
considered a bug too...
It all goes down to whether we want to make selinux a first-class
citizen, provide good selinux support by default, and make Fedora policy
choices, or keep it in the current netherworld where most Fedora
packagers do not feel concerned and users learn to add selinux=false to
their grub config.
There is no middle ground. Middle ground is just a way to avoid fixing
problems, confuses people and makes them avoid the thing like the
plague.
I'm not claiming there is no problem. What I'm saying is that storing the
labels within RPM doesn't fix a thing.
- Panu -
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
