I hate to resurrect an old thread, but I just came up with – at least for me – a 100% reliable way to have a somewhat obscure system component called NetworkManager (perhaps someone heard of it) create a file in an obscure directory named /run/NetworkManager (perhaps someone heard of this one, too) with the wrong SELinux context. I can do this anytime I get bored, and feel like it. And this can be done without root privileges. Any luser can do it. All they have to do is use the task bar applet to switch wifi access points.

I dumped all the gory details as bug 2420903, but the TLDR is that after 20 years of SELinux, this kind of stuff keeps breaking and there's an endless cycle of fixing AVCs, over and over again. Every time one of them gets fixed and a new selinux-policy update goes out the door there are two new AVCs that get discovered.

Something is fundamentally wrong with this picture. What can be done to design SELinux so that its default modus operandi is that the SELinux policies are actually working and a breakage, like that, is a rare occurrence, instead of the other way around?

Someday I hope to get rid of a fracking crontab that keeps running restorecon, every five minutes. But today is not going to be that day.

users mailing list -- [email protected]