Greg DeKoenigsberg gdk at redhat.com
Fri Sep 8 21:14:53 UTC 2006

On Fri, 8 Sep 2006, Jason L Tibbitts III wrote:

> >>>>> "JM" == James Morris <jmorris at redhat.com> writes:
>
> JM> This guideline would request that developers test their package
> JM> with SELinux enabled (and by this I mean in enforcing mode) and
> JM> follow a simple procedure:
>
> Just like the IPv6 thing, I don't think this is an appropriate topic
> for the packaging committee to consider.
>
> If it were in our purview, we could require that packages operate with
> SELinux targeted enforcing, but forcing reviewers and package
> maintainers to do this is a good way to make sure we have no package
> maintainers or reviewers (except for the ones who are paid by Red Hat,
> of course).

A big +1 here.

We must *always* remember when working with community packagers: they do
this work to accomplish *their* needs.  The fact that they accomplish
*our* needs as well is almost always a fortunate side effect. 

> I mean, FC5 as shipped won't even boot in my environment with SELinux
> turned on.  (Yes, I reported the problems and they were quickly fixed,
> but that still doesn't get me a system I can boot to the point of
> getting updates.)  So I think it's way too early to be forcing people to
> test with SELinux on.
>
> For Extras, an SELinux SIG would be great; they could go through and
> test applications, probably the server ones first.  Core could of
> course make their own policy.  It's not for the packaging committee to
> dictate either of those policies.

Another big +1.  The unfortunate side effect here is that it's possible -- 
even likely -- that most community packagers won't give two craps about 
the SELinux SIG.

> Now, the packaging committee could publish guidelines for how to
> include SELinux rules in a package; that would be great.

+1 again.


