> IMO, there's a rather desperate need to be able to override the system-wide policy for individual processes, maybe via some sort of wrapper around one of the containerization technologies.
There's part of me that's almost surprised that there's not an SELinux Policy flag of some kind that would restrict or allow access of individual applications from using certain crypto bits. That seems like something that someone would have cooked up before, but perhaps it's just too intrusive into every other piece of software for even the SELinux team to want to futz with. Alternatively I wouldn't be surprised if at some point the industry doesn't unofficially opt for a legacy openssl option which could be utilized by legacy code, but still allow all the modern code to use the new stuff. But of course if that did exist, tons of people would just refuse to update their code and deps because they have an option not to. On Mon, May 2, 2022 at 9:56 AM Ian Pilcher <arequip...@gmail.com> wrote: > It sure feels like we're reaching the point where anyone who has to work > with any sort of older equipment or servers is going to to forced to > switch their entire system to the LEGACY policy, which seems really > unfortunate. > > IMO, there's a rather desperate need to be able to override the system- > wide policy for individual processes, maybe via some sort of wrapper > around one of the containerization technologies. > > -- > ======================================================================== > Google Where SkyNet meets Idiocracy > ======================================================================== > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
