W3C home > Mailing lists > Public > public-qa-dev@w3.org > May 2005

Regarding WMVS packages in FC3 and FC4

From: Ville Skyttä <ville.skytta@iki.fi>
Date: Sun, 22 May 2005 13:57:14 +0300
To: QA-dev <public-qa-dev@w3.org>
Message-Id: <1116759434.32359.159.camel@bobcat.mine.nu>

The targeted SELinux configuration in Fedora Core 3 and especially the
upcoming Fedora Core 4 makes it really hard, and at best fragile if not
impossible to provide WMVS packages that would work properly out of the
box.  A targeted SELinux policy is in effect for both FC3 and 4 by

The root cause of the problem is that facilities for individual packages
to modify the SELinux configuration in a way that would persist after
file system relabeling etc simply do not really exist yet.

Stuff that the current FC4 targeted policy disallows for CGI scripts
includes for example hostname resolution (/etc/resolv.conf, UDP DNS
traffic), fetching the documents to be validated from arbitrary
hostnames and TCP ports (applies also to external entities in onsgmls),
and IIRC invoking arbitrary executables (unverified, but in this
case /usr/bin/onsglms), reading the WMVS configuration file and maybe

Therefore, I'm inclined to request removal of my WMVS FC3 and FC4
packages from the Fedora Extras repositories until it is possible to
deploy the needed SELinux policy from the RPMs, or if/until the system
default policy allows the Validator to work as intended out of the box.
The packages work as is if one runs a FC[34] box with SELinux turned off
or into a non-enforcing mode, but that's too much to ask IMO, and I'm
sure the Fedora Extras policies would not welcome that idea at all.  If
this temporary removal happens, the WMVS docs about the RPM availability
should be temporarily commented out too, until well-working packages are
available again.

Received on Sunday, 22 May 2005 10:54:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:54:49 UTC