Selinux and package guidelines

Kevin Kofler kevin.kofler at
Tue May 8 05:03:30 UTC 2007

dragoran <drago01 <at>> writes:
> David Woodhouse wrote:
> > [...]
> >  *SElinux*,
> > [..]
> thx for mentioning this I suggest that any package that create avcs 
> should not pass a review. We have suchs packages in extras and nothing 
> in the review process takes care of selinux integration which is wrong.

So you want to force reviewers to run with SELinux enabled? That's going to 
reduce the number of reviewers significantly and increase the load on the 
review queue even more. I for one have SELinux disabled (completely, so I don't 
get even permissive AVCs) and I'm surely not the only one. Reviewing is already 
tedious enough as it stands (it took me over an hour to review Strigi, and it 
already had some quick pre-review comments by Rex Dieter and me). (It does work 
though, for example I caught some plugin .so files being mistaken for symlinks 
and thus accidentally shipped in strigi-devel rather than in the main strigi 
package, that would definitely have broken things for the end user. So I'm not 
complaining about the current process, just about your suggestion to add that 
SELinux requirement.)

        Kevin Kofler

More information about the fedora-devel-list mailing list