Re: selinux rant, compressed version (Was Re: kernels won't boot)

On Thu, 2008-01-03 at 15:48 -0500, Jesse Keating wrote:
> On Thu, 03 Jan 2008 15:43:26 -0500
> David Zeuthen <david@xxxxxxxx> wrote:
> 
> >    Typical responses:
> >      - "rpm cannot handle SELinux policy": <- bullshit; it's not much
> >        different from other file meta data; do we store file modes and
> >        permissions centrally too? No.
> 
> I don't know where you're getting this "typical" response from.  The
> problem isn't rpm, the problem is selinux itself, not allowing rpm to
> write out files that have a context it doesn't know about (yet), since
> the context may be in the policy it's laying down.  Think chroots or
> anaconda or livecreation.  Until the selinux upstream gets a clue
> on this one we're stuck.  It's not like people haven't been arguing
> this point for many many years now...

Sure, granted. I wasn't really ranting at the .rpm or .deb people here.

(However, no one prevents you from using SELinux in permissive mode
during installs or live cd creation and then relabel the fs at the end.
Heck at least for the latter I'm pretty sure you can't even use
enforcing mode because the SELinux policy is so draconian as part of
its complexity.)

     David


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
