#113 add `policycoreutils-python-utils`
Closed 5 years ago by miabbott. Opened 5 years ago by miabbott.
miabbott/workstation-ostree-config semanage  into  master

@@ -161,6 +161,7 @@ 

          "plymouth",

          "plymouth-system-theme",

          "policycoreutils",

+         "policycoreutils-python-utils",

          "polkit",

          "procps-ng",

          "pulseaudio",
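
Review bot: The added line "policycoreutils-python-utils", placed after "policycoreutils", is documented only as bringing in semanage; the description does not say which additional packages arrive with it. Each name in this list is a package request whose dependencies come along implicitly, so suggest listing the resolved dependency set in the commit message. The entry keeps the list's alphabetical order, so no reordering is needed.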

This brings in semanage which allows users to manage local
SELinux policy customizations.

Seems like this one should be in the common deps?

Offhand I'm surprised nothing in comps is pulling it in.

> Seems like this one should be in the common deps?

Oops! Missed that for some reason.

rebased onto c860f99

5 years ago

@walters
> Offhand I'm surprised nothing in comps is pulling it in.

I agree. @sgallagh - should semanage be something that would be included in the workstation comps groups?

FWIW if you just want to rebuild it's `semodule -B`.

@dustymabe @walters I’m not at my desk at the moment so I can’t check the dependencies, but in the past I think the reason this wasn’t part of comps is that we were trying to avoid having selinux-policy in the mandatory dependency chain so it was possible for people to do `yum remove selinux-policy` and not end up with a broken system.

Does semanage still pull in selinux-policy or is it independent?

@sgallagh - here is what I see getting pulled in when I add it to a silverblue system:

```
Added:
  checkpolicy-2.8-2.fc29.x86_64
  policycoreutils-python-utils-2.8-8.fc29.noarch
  python3-IPy-0.81-23.fc29.noarch
  python3-audit-3.0-0.4.20180831git0047a6c.fc29.x86_64
  python3-libsemanage-2.8-4.fc29.x86_64
  python3-policycoreutils-2.8-8.fc29.noarch
  python3-setools-4.1.1-13.fc29.x86_64
```

Then after a reboot I can actually remove selinux-policy altogether if I unlock the system:

```
bash-4.4# rpm -e selinux-policy
error: Failed dependencies:
    selinux-policy = 3.14.2-40.fc29 is needed by (installed) selinux-policy-targeted-3.14.2-40.fc29.noarch
    selinux-policy >= 3.13.1-220 is needed by (installed) container-selinux-2:2.73-2.gitd7a3f33.fc29.noarch
bash-4.4# 
bash-4.4# rpm -e selinux-policy-targeted
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Read-only file system)
bash-4.4# rpm -e container-selinux
error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Read-only file system)
bash-4.4# 
bash-4.4# ostree admin unlock 
Development mode enabled.  A writable overlayfs is now mounted on /usr.
All changes there will be discarded on reboot.
bash-4.4# rpm -e selinux-policy selinux-policy-targeted container-selinux 
warning: file /var/lib/selinux/targeted/semanage.trans.LOCK: remove failed: No such file or directory
...
bash-4.4# echo $?
0
bash-4.4# rpm -q selinux-policy policycoreutils-python-utils
package selinux-policy is not installed
policycoreutils-python-utils-2.8-8.fc29.noarch
```

@sgallagh
> Does semanage still pull in selinux-policy or is it independent?

I think the answer to your question is no.

Ack, I have no remaining reservations.

@miabbott - can you open a PR to add that package to pagure.io/fedora-comps? @sgallagh what group should it go in?

Probably "workstation-product", I guess?

> can you open a PR to add that package to pagure.io/fedora-comps?

https://pagure.io/fedora-comps/pull-request/345

This is now part of workstation-product and the latest comps sync (#117) pulls it in. Closing.

Pull-Request has been closed by miabbott

5 years ago