Latest Seamonkey update
Paul Howarth
paul at city-fan.org
Wed Aug 16 10:33:04 UTC 2006
Jim Cornette wrote:
> Rahul wrote:
>> Jim Cornette wrote:
>>
>>> I don't mind the browser being replaced with an individual
>>> application vs a suite of integrated applications for email, browsing
>>> and editing. I miss the missing editing feature the most.
>>>
>>> How in the world do you get seamonkey and its corresponding .so files
>>> into the selinux fold? Or better yet, are there guidelines and
>>> assistance given to the Fedora-Extras maintainer that allow their
>>> rpms to set items to the needed SELinux content, in order to work out
>>> of the box?
>>>
>>
>> Just file a bug report with the relevant information in this thread.
>> There is a draft guide that package maintainers can follow to write
>> policies when required. SELinux denials can also indicate broken code
>> which needs to be fixed.
>>
>> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
>>
>> For end user docs, see http://fedoraproject.org/wiki/SELinux
>>
>> Rahul
>>
>
> Thanks for the links. I am still having troubles grasping the management
> of SELinux. It is debatable as to how far one is willing to venture in
> order to get a desired program to work or just render SELinux totally
> ineffective by putting it in permissive or disabling it altogether.
>
> With a modification applied that firefox and thunderbird use in selinux
> policies, seamonkey works again and SELinux is crippled as it is for
> other mozilla derived applications. It is active again though.
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202642
> leads to the previously discussed bug which was closed. Comment #8 from
> the close bug report works to allow SELinux to remain in enforcing
> instead of disabled systemwide.
Until such time as the contexts are fixed in selinux-policy, this should
work:
# semanage fcontext -a -f -- -t textrel_shlib_t
'/usr/lib(64)?/seamonkey.*\.so'
# restorecon -rv /usr/lib*/seamonkey*
(that's two commands, in case of line-wrap)
This should not only survive a relabel but should also result in
seamonkey updates getting the right contexts as soon as they're installed.
Paul.
More information about the fedora-list
mailing list