On Fri, Sep 08, 2006 at 04:50:44PM -0400, James Morris wrote:
7. If for some reason, #2 is not possible, and the release of the
package
is important enough to warrant disabling a core security feature of the
OS:
7a. Make a note of the bugzilla # from (1) in the rpm info, cvs commit and
release notes, with an explanation. Also include a standardized
disclaimer in the rpm info which advises the user of the security risks
arising from disabling SELinux. This should only happen in truly
exceptional cases. I'm not sure how we can reliably notify users that
SELinux can be re-enabled again, and whether they'll tolerate the entire
fs being relabeled on reboot. Really, this just should not happen.
Can the policy for one application be turned off? (I honestly don't
know... I haven't been able to justify spending the time to really
wrap my brain around SELinux yet.)
If not, that seems like a major flaw. It seems to me that if a user
could just toggle off checks for a particular application (and reboot,
I would assume) and have everything work well enough, there would be
an incentive to fix the one application to work with SELinux instead
of just turning off SELinux entirely.
BTW, my limited experience with SELinux issues with one of my packages
is here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187305
The time it took to resolve that bug really should be a hint that
we're not ready to require SELinux compatibility in Extras yet.
Steve
--
Steven Pritchard - K&S Pritchard Enterprises, Inc.
Email: steve(a)kspei.com
http://www.kspei.com/
Phone: (618)398-3000 Mobile: (618)567-7320