Hello.

On Thu, 29/09/2016 at 18.23 +0200, Michael Biebl wrote:
> On 29.09.2016 at 18:01, Guido Trentalancia wrote:
> > 
> > On Thu, 29/09/2016 at 17.52 +0200, Michael Biebl wrote:
> > > 
> > > On 29.09.2016 at 17:33, Guido Trentalancia wrote:
> > > > 
> > > > On Thu, 29/09/2016 at 17.29 +0200, Michael Biebl wrote:
> > > > > 
> > > > > On 29.09.2016 at 17:11, Guido Trentalancia wrote:
> > > > > > 
> > > > > > Run-time checks are wrong because they leave the filesystem in a
> > > > > > state that is not usable when SELinux goes back into enforcing
> > > > > > mode.
> > > > > > 
> > > > > > Compile-time checks have no side effects and in any case are
> > > > > > better than the bug!
> > > > > 
> > > > > Debian enables selinux support during compile time but we do not
> > > > > enable selinux by default.
> > > > > 
> > > > > So the side-effect of this patch would be that suddenly NM would
> > > > > use files instead of symlinks on Debian.
> > > > 
> > > > This is not a side-effect in my opinion, but an added benefit
> > > > because there is no good reason for using a symbolic link.
> > > 
> > > So you want to get rid of the symbolic link altogether and selinux
> > > is only a diversion?
> > 
> > I am in favor of getting rid completely of the symbolic link creation,
> > but this is outside of the scope of a simple patch created as a quick
> > fix of an existing bug.
> > 
> > I'll leave more extensive changes to the author... They are not
> > strictly required for running NetworkManager.
> 
> How do resolvconf/openresolv or resolved/networkd handle this? They use
> a file in /run as well and /etc/resolv.conf being a symlink to that
> file.
> I know basically zero about selinux but I would assume there is a way to
> get the selinux labelling right otherwise they would be broken as well.

Changing the SELinux policy is not the optimal thing to do in this
case.

The patch is very simple and effective. But, if you don't like it, do
not use it.

Regards,

Guido
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
