On Wednesday 28 October 2009, jim owens wrote: > Rafael J. Wysocki wrote: > > On Tuesday 27 October 2009, Eric Paris wrote: > >> It's a restorecond bug. restorecon acted as if watch descriptors > >> could never be reused. They weren't on old kernels and it's possible > >> they are reused now. Restorecon was fixed. > >> > >> http://marc.info/?l=selinux&m=125380417916233&w=2 > >> > >> a change in the kernel caused a buggy userspace program to break. I > >> know how to put the kernel back the way it was, but I don't know if we > >> call this a regression, you guys tell me. > > > > Yes, we do, AFAICS. The policy is not to break user space, even if it > > happens > > to work by accident. > > But if we make a rule of "never break even bad user programs" then > we also should never plug security holes because that breaks a > user program expecting that attack vector :)
Well, that's why this rule is not carved in stone. Clearly, there are some cases in which we can't afford keeping the buggy user space happy, not only security-related. Thanks, Rafael -- To unsubscribe from this list: send the line "unsubscribe kernel-testers" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
