Hi,
we are going to drop file_contexts.bin from selinux-policy-targeted package.
file_contexts.bin file is regenerated by sefcontext_compile utility every time
policy is rebuilt, e.g. during update, after semodule -B, ... and this file
contains pre compiled pcre regexes from file_contexts.
We added this file to selinux-policy-targeted in order to prevent problems such
were [1] [2] but it causes another problems like [3]
Since systemd should be already fixed, it seems to be safe to drop it again and
let it create during post install phase. So we are going to drop it from
Rawhide and I think it could be dropped from Fedora 27 as well.
I've prepared COPR selinux-policy build [4] without this file. It would be
great if someone could test it in some Live image.
With few simple step you can also test how userspace works without *.bin files
on a local system:
1. remove .bin files from /etc/selinux/targeted/contexts/files/
# rm /etc/selinux/targeted/contexts/files/*bin
2. add/change /etc/selinux/semanage.conf so it contains:
[sefcontext_compile]
path = /bin/true
[end]
3. update selinux-policy{,-targeted} from [4]
4. test it - reboot, relabel, run a desktop session, ...
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1314372
[2] https://github.com/systemd/systemd/pull/2508#issuecomment-188235477
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1502009
[4] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-policy/build/656330/
Thanks,
Petr
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
