rawhide report: 20070207 changes
Dave Jones
davej at redhat.com
Wed Feb 7 23:06:02 UTC 2007
On Wed, Feb 07, 2007 at 04:53:38PM -0500, David Zeuthen wrote:
> On Wed, 2007-02-07 at 15:18 -0500, Dave Jones wrote:
> > I'm puzzled why you're not seeing these when you test the code before
> > pushing it. Are you running with selinux disabled ?
> > Or is it failing only in certain hardware configurations that you don't have?
>
> Bah, mea culpa. I need to admit I wasn't running SELinux in Enforcing
> mode on the laptop I was testing it on. I see the issues in the AVC log
> as it's running Permissive mode. Still, some of my complaints still
> stand: As a developer, SELinux right now is a thing that gets more in my
> way than I like it to. It's probably specific to HAL as it runs with
> lots of privileges to do stuff.
Maybe so, but as developers, we should never turn it off.
How can we expect our users to use selinux if we disable it
ourselves ? I don't recall ever waiting more than 24hrs for
Dan to look into an issue I've had with SELinux policy,
so there really shouldn't be an excuse.
We really need some infrastructure in the updates system that
applies an update, runs it, and disallows the update being
pushed live if AVC's get generated.
Dave
--
http://www.codemonkey.org.uk
More information about the fedora-devel-list
mailing list