Re: [HEADS-UP] dropping file_contexts.bin from selinux-policy-targeted package

On Wed, Nov 01, 2017 at 09:59:29AM +0100, Igor Gnatenko wrote:
> On Wed, 2017-11-01 at 09:46 +0100, Petr Lautrbach wrote:
> > Hi,
> > 
> > we are going to drop file_contexts.bin from the selinux-policy-targeted
> > package.
> > 
> > The file_contexts.bin file is regenerated by the sefcontext_compile utility
> > every time the policy is rebuilt, e.g. during an update, after semodule -B, ...
> > and this file contains precompiled pcre regexes from file_contexts.
> > 
> > We added this file to selinux-policy-targeted in order to prevent problems
> > such as [1] [2], but it causes other problems like [3].
> > 
> > Since systemd should already be fixed, it seems to be safe to drop it again
> > and let it be created during the post-install phase.  So we are going to drop
> > it from Rawhide and I think it could be dropped from Fedora 27 as well.
> Am I right that this file will be created on installation? Then you
> should use %ghost to mark it belonging to some package.

Yes, this is the plan.

https://src.fedoraproject.org/fork/plautrba/rpms/selinux-policy/c/dba350c6e03d8747a5524e59ff80cd6277ffa755

If you want to see the changes, see

https://src.fedoraproject.org/rpms/selinux-policy/pull-request/3

Thanks,

Petr

> > 
> > I've prepared a COPR selinux-policy build [4] without this file. It would be
> > great if someone could test it in some Live image.
> > 
> > With a few simple steps you can also test how userspace works without *.bin
> > files on a local system:
> > 
> > 1. remove .bin files from /etc/selinux/targeted/contexts/files/
> > 
> > # rm /etc/selinux/targeted/contexts/files/*bin
> > 
> > 2. add/change /etc/selinux/semanage.conf so it contains:
> > 
> >     [sefcontext_compile]
> >     path = /bin/true
> >     [end]
> > 
> > 3. update selinux-policy{,-targeted} from [4]
> > 
> > 4. test it - reboot, relabel, run a desktop session, ...
> > 
> > 
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1314372
> > [2] https://github.com/systemd/systemd/pull/2508#issuecomment-188235477
> > [3] https://bugzilla.redhat.com/show_bug.cgi?id=1502009
> > 
> > [4] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-policy/build/656330/
> > 
> > Thanks,
> > 
> > Petr
> > 
> > _______________________________________________
> > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> 
> -- 
> -Igor Gnatenko
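
A pre-flight check for steps 1 and 2 of the test procedure quoted above, as an added example that is not part of the original thread: it confirms that no precompiled .bin files remain and that semanage.conf points sefcontext_compile at /bin/true before the policy update is tested. The function names are hypothetical; the default paths are the ones named in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the "path" set in the [sefcontext_compile] section of a
# semanage.conf-style file; print nothing if the section or key is absent.
sefcontext_compile_path() {
    awk '
        /^[ \t]*\[sefcontext_compile\][ \t]*$/ { in_sec = 1; next }
        /^[ \t]*\[end\][ \t]*$/                { in_sec = 0; next }
        in_sec && /^[ \t]*path[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# List precompiled *.bin files still present in a contexts/files directory.
leftover_bin_files() {
    find "$1" -maxdepth 1 -type f -name '*.bin' 2>/dev/null | sort
}

# Return 0 only when the system is in the state steps 1 and 2 describe.
# $1 = semanage.conf path, $2 = contexts/files directory (both optional).
check_test_setup() {
    conf=${1:-/etc/selinux/semanage.conf}
    dir=${2:-/etc/selinux/targeted/contexts/files}
    rc=0
    cpath=$(sefcontext_compile_path "$conf")
    if [ "$cpath" != "/bin/true" ]; then
        echo "sefcontext_compile path is '${cpath:-unset}', expected /bin/true" >&2
        rc=1
    fi
    left=$(leftover_bin_files "$dir")
    if [ -n "$left" ]; then
        echo "precompiled files still present:" >&2
        echo "$left" >&2
        rc=1
    fi
    return $rc
}
```

Calling `check_test_setup` with no arguments checks the live paths; a non-zero status means the policy update would not be exercising the no-.bin case.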



