Add SELinux permissive domains to fedora kernels
Eric Paris
eparis at redhat.com
Mon Mar 31 18:33:15 UTC 2008
On Mon, 2008-03-31 at 14:24 -0400, Dave Jones wrote:
> It is indeed, very late. I'm concerned by just how much busted stuff
> we have[*], so shovelling in more features after the feature freeze is
> making me wince. From a quick look at the patches, this is a fairly
> small amount of code that's changing, that looks harmless.
>
> What userspace changes are necessary for this? Are they in place already?
Dan already committed/build the changes to the libsepol library
http://koji.fedoraproject.org/koji/buildinfo?buildID=44062
and then checkpolicy must be patched and rebuilt after the new library
makes it into the build root since checkpolicy uses static linking with
libsepol.
> We'll pick this up anyway in 2-3 months as an F9 update when we rebase
> to 2.6.26, so I guess the userspace bits will have to be done at some point,
> but I'd rather we spent effort beating what we have already into shape
> than forward planning right now.
I want to see usability get to users as fast as I can. If others object
we will get it in for free in the future, but I know improving selinux
usability is a big deal for this, users have wanted to see such an
options and wanted to get others opinion for committing.
-Eric
More information about the Fedora-kernel-list
mailing list