On Wed, 2006-08-09 at 16:54 -0400, Jesse Keating wrote:
> On Wednesday 09 August 2006 16:45, Jeremy Katz wrote:
> > On Wed, 2006-08-09 at 13:32 -0400, Konstantin Ryabitsev wrote:
> > > On 8/9/06, Jeremy Katz <katzj@xxxxxxxxxx> wrote:
> > > > They need to be present so that things can end up with the correct
> > > > SELinux context -- otherwise, if you run a python app with -O2 as a
> > > > user, you end up getting various avc denials
> > >
> > > So, what does that mean in terms of %ghost?
> >
> > That it's not a good idea and the .pyo files should just be included in
> > the package
>
> This is reason enough for me to amend the Python packaging rule for this.
>
> If you want .pyo, do it when building and package them up.
>

Err. I think you're misunderstanding. End-users (well, the root user on the consumer's system) can generate .pyos by running python -O PROGRAM or PYTHONOPTIMIZE="yes" PROGRAM. This is because python will create the byte compiled files automatically when it is run. So the packager has to either include the .pyos or %ghost the pyos to solve that. The packager can't make the decision to not deal with .pyo's at all.

Jeremy's position is that in the case where an end-user has PYTHONOPTIMIZE set and SELinux enabled, they are going to generate extraneous AVC denials in the logs. So packages should all include the .pyos, not ghost them.

My position is that it's expected behaviour for python to attempt to create the .pyos so SELinux policy should be adapted to not log an error when that happens and %ghosting should be fine.

-Toshio
--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
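
A packager-side check for the situation discussed in this thread, as an added example that is not part of the original message: it lists the .py modules in a tree that have no .pyo beside them, which are the files python -O would try to byte-compile at run time. It assumes the Python 2-era layout in which foo.pyo sits next to foo.py; the function name `missing_pyo` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: Python 2-era layout, where foo.pyo is written beside foo.py.

# missing_pyo DIR  (hypothetical helper name)
# Prints, one per line and in sorted order, every *.py file under DIR that
# has no sibling *.pyo. Each printed path is a module for which a run with
# "python -O" or PYTHONOPTIMIZE set would attempt to create the .pyo itself,
# the write attempt the thread ties to AVC denials under SELinux.
# Returns 2 if DIR is not a directory, 0 otherwise.
missing_pyo() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "missing_pyo: not a directory: $root" >&2
        return 2
    fi
    find "$root" -type f -name '*.py' | LC_ALL=C sort |
    while IFS= read -r src; do
        # foo.py -> foo.pyo: append "o" to the source path
        if [ ! -f "${src}o" ]; then
            printf '%s\n' "$src"
        fi
    done
}

# Stand-alone use: pass an unpacked buildroot or site-packages directory.
# An empty result means every module already ships its .pyo.
if [ "$#" -gt 0 ]; then
    missing_pyo "$1"
fi
```

Run it against the unpacked package contents before deciding between shipping the .pyo files and listing them as %ghost.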