[packagekit] SELinux issues

Richard Hughes hughsient at gmail.com
Thu Oct 11 15:56:48 PDT 2007


On Fri, 2007-10-12 at 00:31 +0200, Matej Cepl wrote:
> I don't know how much do you want to get involved with SELinux in 
> this early stage of the development, but I am trying (as 
> a bugmaster I am supposed to take some level of pain) to use 
> Rawhide with SELinux switched on

I'm using PackageKit with SELinux in permissive mode, and it screams
like hell, which to be fair, it probably should.

>  and when I've got working 
> setroubleshoot again, I discovered some AVC denials against 
> packagekit (see grep packagekit /var/log/audit/audit.log on 
> http://www.ceplovi.cz/matej/tmp/selinux-audit-log.txt ) and 
> I have generated with audit2allow this policy module:

Sure, I can do this too, and we can compare notes :-)

> I have absolutely no clue what does it mean, I may have some 
> problems with labelling of my disk (actually /.autorelabel is 
> waiting on the next reboot), but I thought that you may be 
> interested (in case you know what you see here) in this as a kind 
> of possible-problems diagnostics.

Sure. This needs to be sorted before we push for inclusion in the fedora
repos, do you think we should ship the selinux policy in the PackageKit
source tarball, or in selinux-policy? Maybe Dan Walsh could give us a
hand here.

Richard.




More information about the PackageKit mailing list