[Fedora-packaging] SELinux testing
Greg DeKoenigsberg
gdk at redhat.com
Fri Sep 8 21:14:53 UTC 2006
On Fri, 8 Sep 2006, Jason L Tibbitts III wrote:
> >>>>> "JM" == James Morris <jmorris at redhat.com> writes:
>
> JM> This guideline would request that developers test their package
> JM> with SELinux enabled (and by this I mean in enforcing mode) and
> JM> follow a simple procedure:
>
> Just like the IPv6 thing, I don't think this is an appropriate topic
> for the packaging committee to consider.
>
> If it were in our purview, we could require that packages operate with
> SELinux targeted enforcing, but forcing reviewers and package
> maintainers to do this is a good way to make sure we have no package
> maintainers or reviewers (except for the ones who are paid by Red Hat,
> of course).
A big +1 here.
We must *always* remember when working with community packagers: they do
this work to accomplish *their* needs. The fact that they accomplish
*our* needs as well is almost always a fortunate side effect.
> I mean, FC5 as shipped won't even boot in my environment with SELinux
> turned on. (Yes, I reported the problems and they were quickly fixed,
> but that still doesn't get me a system I can boot to the point of
> getting updates.) So I think it's way too early to be forcing people to
> test with SELinux on.
>
> For Extras, an SELinux SIG would be great; they could go through and
> test applications, probably the server ones first. Core could of
> course make their own policy. It's not for the packaging committee to
> dictate either of those policies.
Another big +1. The unfortunate side effect here is that it's possible --
even likely -- that most community packagers won't give two craps about
the SELinux SIG.
> Now, the packaging committee could publish guidelines for how to
> include SELinux rules in a package; that would be great.
+1 again.
--g
-------------------------------------------------------------
Greg DeKoenigsberg || Fedora Project || fedoraproject.org
Be an Ambassador || http://fedoraproject.org/wiki/Ambassadors
-------------------------------------------------------------
More information about the Fedora-packaging
mailing list