Bug 230845
Summary: | RFE: improve forbidden-selinux-command check | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ville Skyttä <ville.skytta> |
Component: | rpmlint | Assignee: | Tom "spot" Callaway <spotrh> |
Status: | CLOSED DEFERRED | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | sgrubb |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2023-08-24 14:24:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ville Skyttä
2007-03-03 15:50:20 UTC
See also the original bug for forbidden SELinux commands: bug 214605 The -I message rpmlint gives should probably also be adjusted; if a package needs to modify the policy, restorecon alone doesn't accomplish that. Adding FutureFeature keyword to RFE's. Steve, you reported bug 214605 earlier - do you have any comments on this? Yes, it would be good to catch any knowledge of policy in spec files. Policy could change at any time and the types, role, and ranges be suddenly obsolete. Thanks, Steve. So if I understand you correctly, we'd want an error message from rpmlint if semanage is used with -t, --type, -R, --role, -r, or --range. Are there legitimate use cases for semanage with some of its other arguments in scriptlets, or should we output the error message for every semanage use, no matter what the arguments to it are? This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. This package has changed maintainer in the Fedora. Reassigning to the new maintainer of this component. I think we can close this. |