Not good

Gene Czarcinski gene at czarc.net
Sat Apr 3 09:49:52 UTC 2004


On Saturday 03 April 2004 00:46, Daniel J Walsh wrote:
> First off you should never have to do a relabel, or only under extreme
> circumstances.
> The problem here was the movement of the .Xauthority file out to /tmp.
> The new policy should fix your problem.

When we get to the end point (FC2 gold) this system is going to be very stable 
and secure.  However, the transition with its large number of daily updates 
sure makes things "interesting" ... I have managed to screw things up on one 
system so that I am on my third install.  

Unfortunately, discovering all of the different nuances necessary in a 
security policy supporting real people, real systems, and real situations is 
a lot more difficult than having a policy in a controlled experiment.  Well, 
we are all here trying to pound this into something that works and I believe 
it will work pretty well when FC2 gold comes out but a whole lot better in FC2 
gold.  This is going to take time.

One big gripe I do have is up2date: 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=119538

When rpm fails to (properly) install a package because of some selinux policy 
thing, this is not handled well by up2date.  In fact, up2date reports that 
the package was installed properly when it was not installed.  My latest 
experience with that is when I tried updating gdm ... old package removed but 
new package not installed.  I only found this because I am manually querying 
rpm after every update.  When I tried to manually install the package, I saw 
the errors.  I then did "setenforce 0", manually installed the old package, 
manually installed the new package, and "setenforce 1".  Update now complete.

This rpm/up2date problem needs to be addressed.  Unfortunately, it is not 
clear that my bugzilla report is being addressed.

Gene




More information about the fedora-selinux-list mailing list