selinux rant, compressed version (Was Re: kernels won't boot)

Jesse Keating jkeating at redhat.com
Thu Jan 3 20:48:35 UTC 2008


On Thu, 03 Jan 2008 15:43:26 -0500
David Zeuthen <david at fubar.dk> wrote:

>    Typical responses:
>      - "rpm cannot handle SELinux policy": <- bullshit; it's not much
>        different from other file meta data; do we store file modes and
>        permissions centrally too? No.

I don't know where you're getting this "typical" response from.  The
problem isn't rpm, the problem is selinux itself, not allowing rpm to
write out files that have a context it doesn't know about (yet), since
the context may be in the policy it's laying down.  Think chroots or
anaconda or livecreation.  Until the selinux upstream gets a clue
on this one we're stuck.  It's not like people haven't been arguing
this point for many many years now...

-- 
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080103/91baaec2/attachment.sig>


More information about the fedora-devel-list mailing list