On Tue, Jul 13, 2010 at 04:47:40PM +0200, Tomasz Torcz wrote:
There are sometimes such obvious errors and missing labels that I
cannot imagine not catching an audit message when program fails to
even start!
A lot of my Fedora machines are virtualized and I only ever interact
with them by ssh.
On Thu, Jul 15, 2010 at 03:29:34PM +0530, Rahul Sundaram wrote:
On 07/15/2010 02:22 PM, Richard W.M. Jones wrote:
On Tue, Jul 13, 2010 at 04:47:40PM +0200, Tomasz Torcz wrote:
There are sometimes such obvious errors and missing labels that I
cannot imagine not catching an audit message
On 07/15/2010 06:04 AM, Richard W.M. Jones wrote:
On Thu, Jul 15, 2010 at 03:29:34PM +0530, Rahul Sundaram wrote:
On 07/15/2010 02:22 PM, Richard W.M. Jones wrote:
On Tue, Jul 13, 2010 at 04:47:40PM +0200, Tomasz Torcz wrote:
There are sometimes such obvious errors and missing labels that
On Thu, Jul 15, 2010 at 09:52:39AM +0100, Richard W.M. Jones wrote:
A lot of my Fedora machines are virtualized and I only ever interact
with them by ssh. While I would see a program if it failed to start,
I don't generally see any SELinux audit messages ever. (The bloated
This is a problem.
On Thu, 2010-07-15 at 09:52 +0100, Richard W.M. Jones wrote:
On Tue, Jul 13, 2010 at 04:47:40PM +0200, Tomasz Torcz wrote:
There are sometimes such obvious errors and missing labels that I
cannot imagine not catching an audit message when program fails to
even start!
A lot of my Fedora
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a released version of Fedora and change the locations you
MUST make sure it still
On 07/13/2010 07:55 AM, Daniel J Walsh wrote:
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a released version of Fedora and
On 07/13/2010 06:25 PM, Daniel J Walsh wrote:
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a released version of Fedora and
Daniel J Walsh wrote:
packagekit got released this to F13 and Rawhide this week and changed
its location. packagekitd should be labeled rpm_exec_t, Since it moved
it got the default label and is now running unconfined. This causes
labels to get screwed up and lots of bugs are being reported
On 13 July 2010 13:55, Daniel J Walsh dwa...@redhat.com wrote:
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a released version
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a system that has ONLY JUST BEEN INSTALLED.
That should have failed the release criteria as it is written
On 07/13/2010 09:30 AM, Rahul Sundaram wrote:
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a system that has ONLY JUST BEEN INSTALLED.
That should
On 07/13/2010 07:14 PM, Daniel J Walsh wrote:
On 07/13/2010 09:30 AM, Rahul Sundaram wrote:
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a system
On 13 July 2010 14:44, Daniel J Walsh dwa...@redhat.com wrote:
On 07/13/2010 09:30 AM, Rahul Sundaram wrote:
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a
On 07/13/2010 05:11 PM, Christopher Brown wrote:
[...]
Whilst I appreciate your huge efforts to provide users with a more
secure system, you need to realise that SELinux as it stands at the
moment is utterly broken. As you clearly don't think this is the case,
please spend some time in
On 07/13/2010 10:11 AM, Christopher Brown wrote:
On 13 July 2010 14:44, Daniel J Walsh dwa...@redhat.com wrote:
On 07/13/2010 09:30 AM, Rahul Sundaram wrote:
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users
On Tue, Jul 13, 2010 at 08:55:47AM -0400, Daniel J Walsh wrote:
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a released version
Le 13/07/2010 15:30, Rahul Sundaram a écrit :
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
a system that has ONLY JUST BEEN INSTALLED.
That should
On 07/13/2010 08:15 PM, Nicolas Mailhot wrote:
IIRC pyzor, for example, has never worked on an selinux system, as it
tries to write stuff in / (and no one has minded for many releases)
The release criteria only cares about the default package set and
configuration in my understanding.
Personally I do momentarily enable to test but always disable
because of _hundreds_ of errors in the applet thingy.
You can disable the applet thingy without disabling selinux. I do.
- Mike
--
devel mailing list
devel@lists.fedoraproject.org
On 07/13/2010 09:03 PM, Pádraig Brady wrote:
Nobody I know enables SELinux.
smolt says about half leave it enabled:
http://smolts.org/static/stats/stats.html
But I'm guessing a lot of experienced users/devs
disable it given previous experiences...
It's a bit of a catch 22 really.
The
Dne 13.7.2010 17:33, Pádraig Brady napsal(a):
Personally I do momentarily enable to test but always disable
because of _hundreds_ of errors in the applet thingy.
Hundreds? I have been running RHEL-6 from mid-Januray (that means
Rawhide was quite stable comparing to it) with SELinux in the
Pádraig Brady wrote:
Nobody I know enables SELinux.
smolt says about half leave it enabled:
http://smolts.org/static/stats/stats.html
But I'm guessing a lot of experienced users/devs
disable it given previous experiences...
It's closer to 70% actually, also consider the 18.7% being market as
Once upon a time, Christopher Brown snecklif...@gmail.com said:
Whilst I appreciate your huge efforts to provide users with a more
secure system, you need to realise that SELinux as it stands at the
moment is utterly broken.
It works for a lot of people, so I would hardly call it utterly
On Tue, Jul 13, 2010 at 2:55 PM, Daniel J Walsh dwa...@redhat.com wrote:
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a
On 13 July 2010 17:26, drago01 drag...@gmail.com wrote:
Yeah updating (core!) packages like PackageKit without even testing it
with the default setup *is* indeed unacceptable.
I did test it with SELinux enabled, but I don't run enforcing as it
gets in my way as a developer. There was no
On Tue, 2010-07-13 at 16:45 +0200, Nicolas Mailhot wrote:
Le 13/07/2010 15:30, Rahul Sundaram a écrit :
On 07/13/2010 06:58 PM, Christopher Brown wrote:
No. SELinux is unacceptable when it displays ridiculous warning
messages to users telling them it has detected suspicious activity on
On 07/14/2010 02:46 AM, Adam Williamson wrote:
The test case for validating this criterion is:
https://fedoraproject.org/wiki/QA:Testcase_desktop_error_checks
note that it doesn't test non-default package sets, and doesn't test
actively *running* applications, only booting to a default
On 13/07/10 16:57, Matěj Cepl wrote:
Dne 13.7.2010 17:33, Pádraig Brady napsal(a):
Personally I do momentarily enable to test but always disable
because of _hundreds_ of errors in the applet thingy.
Hundreds? I have been running RHEL-6 from mid-Januray (that means
Rawhide was quite stable
On Tue, Jul 13, 2010 at 8:55 AM, Daniel J Walsh wrote:
If you are changing the locate of an executable or libraries the
executables write to, please make sure SELinux labels are still
consistant or contact the selinux developers for help. IF you update a
package in a released version of
Dne 13.7.2010 23:17, Pádraig Brady napsal(a):
To be clear, the hundreds contained many duplicates.
I'm not complaining since I haven't looked into any
of these issues, I'm just trying to provide insight
into why SELinux might not be as tested as one would like.
Just to note, that
On Wed, 2010-07-14 at 02:53 +0530, Rahul Sundaram wrote:
On 07/14/2010 02:46 AM, Adam Williamson wrote:
The test case for validating this criterion is:
https://fedoraproject.org/wiki/QA:Testcase_desktop_error_checks
note that it doesn't test non-default package sets, and doesn't test
Adam Williamson awill...@redhat.com wrote:
On Tue, 2010-07-13 at 16:33 +0100, Pádraig Brady wrote:
On 13/07/10 15:47, Tomasz Torcz wrote:
On Tue, Jul 13, 2010 at 03:11:44PM +0100, Christopher Brown wrote:
As long as you give us a heads up we can prevent these types of blowups.
Since
33 matches
Mail list logo