[Fedora-packaging] SELinux testing
Jason L Tibbitts III
tibbs at math.uh.edu
Fri Sep 8 21:09:41 UTC 2006
>>>>> "JM" == James Morris <jmorris at redhat.com> writes:
JM> This guideline would request that developers test their package
JM> with SELinux enabled (and by this I mean in enforcing mode) and
JM> follow a simple procedure:
Just like the IPv6 thing, I don't think this is an appropriate topic
for the packaging committee to consider.
If it were in our purview, we could require that packages operate with
SELinux targeted enforcing, but forcing reviewers and package
maintainers to do this is a good way to make sure we have no package
maintainers or reviewers (except for the ones who are paid by Red Hat,
of course). I mean, FC5 as shipped won't even boot in my environment
with SELinux turned on. (Yes, I reported the problems and they were
quickly fixed, but that still doesn't get me a system I can boot to
the point of getting updates.) So I think it's way too early to be
forcing people to test with SELinux on.
For Extras, an SELinux SIG would be great; they could go through and
test applications, probably the server ones first. Core could of
course make their own policy. It's not for the packaging committee to
dictate either of those policies.
Now, the packaging committee could publish guidelines for how to
include SELinux rules in a package; that would be great.
More information about the Fedora-packaging