Making Fedora a contributor friendly environment (Re: Selinux and package guidelines)

Jakub Jelinek jakub at redhat.com
Wed May 9 12:46:02 UTC 2007


On Tue, May 08, 2007 at 12:19:43PM +0200, Till Maas wrote:
> On Mon May 7 2007, David Woodhouse wrote:
> 
> > So the only people who would be excluded would be those who are
> > unwilling or unable to seek help from others when the task before them
> > exceeds their abilities. Which would probably be a good thing.
> 
> And the people that do not get enough help. I once asked how to get something
> to work because of denied execmod. I got a response that it needs
> text_rel_shlib_t or something similar, but there was no help how to do this
> correctly in a spec. http://fedoraproject.org/wiki/PackagingDrafts/SELinux
> helped a little but was/is not up to date and also the work needed for
> something this simple is way too much imho. One needs to create at least 2
> non-empty files and have a bunch of scriptlets and some other selinux code. This
> whole complexity only leads to more packaging errors. What should be there is
> help, procedures and helpful tools for a maintainer to be able to easily
> package software.

DT_TEXTREL shared libraries are (almost always) a packaging bug which
should be fixed, not worked around by setting SELinux contexts.
In most cases that just means compiling all the objects that are linked
into the shared library with -fpic resp. -fPIC (for very large shared
libraries).

	Jakub
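
A check a packager could run to find the DT_TEXTREL libraries discussed above before reaching for an SELinux context; this is an added example, not part of the original message. It assumes `readelf` from binutils is installed; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag shared objects that carry text relocations (DT_TEXTREL).
# Assumes readelf from binutils; function names are hypothetical.

# Read `readelf -d` output on stdin; succeed if it marks text relocations,
# either as a (TEXTREL) dynamic entry or as TEXTREL inside the (FLAGS) entry.
dynamic_has_textrel() {
    grep -Eq '\(TEXTREL\)|\(FLAGS\).*TEXTREL'
}

# Print every *.so* file under directory $1 whose dynamic section has
# text relocations. Returns 1 if any were found, 0 if none, 2 on setup error.
scan_tree_for_textrel() {
    found=0
    tmp=$(mktemp) || return 2
    find "$1" -type f -name '*.so*' > "$tmp"
    while IFS= read -r f; do
        # Non-ELF files make readelf fail quietly and are skipped.
        if readelf -d "$f" 2>/dev/null | dynamic_has_textrel; then
            printf 'TEXTREL: %s\n' "$f"
            found=1
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$found"
}

# Constructed samples of `readelf -d` lines (not taken from a real package).
SAMPLE_TEXTREL=' 0x0000000000000016 (TEXTREL)            0x0'
SAMPLE_FLAGS=' 0x000000000000001e (FLAGS)              SYMBOLIC TEXTREL'
SAMPLE_CLEAN=' 0x000000000000000e (SONAME)             Library soname: [libfoo.so.1]'
```

Running `scan_tree_for_textrel "$RPM_BUILD_ROOT"` after the install step lists the libraries whose objects still need rebuilding with -fpic or -fPIC.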



