If you are maintaining or developing a Fedora Package.

Panu Matilainen pmatilai at redhat.com
Thu Oct 18 07:57:53 UTC 2007


On Thu, 18 Oct 2007, Nicolas Mailhot wrote:

>
> On Thursday 18 October 2007 at 10:16 +0300, Panu Matilainen wrote:
>
>> Amen. If the labels were universally set in stone, it might make sense to
>> store into rpm but as they can and do vary between policy versions,
>> different policies and local custom policies...
>
> You could make the same arguments for user names, unix permissions or
> file location — a lot of them have different values in the wild than in
> Fedora and yet we store our policy in rpm.

The difference here is that we don't even try to support several 
different policies (including custom local policies on top of the distro 
policies) for user names, permissions etc. If we did, we'd be in the very 
same swamp as with SELinux currently.

The total lack of support for custom file permissions etc could well be 
considered a bug too...

> It all goes down to whether we want to make selinux a first-class
> citizen, provide good selinux support by default, and make Fedora policy
> choices, or keep it in the current netherworld where most Fedora
> packagers do not feel concerned and users learn to add selinux=false to
> their grub config.
>
> There is no middle ground. Middle ground is just a way to avoid fixing
> problems, confuses people and makes them avoid the thing like the
> plague.

I'm not claiming there is no problem. What I'm saying is that storing the 
labels within RPM doesn't fix a thing.

 	- Panu -
