-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/18/2013 02:25 PM, Adam Williamson wrote: > On Sat, 2013-05-18 at 13:41 -0400, Rahul Sundaram wrote: >> On 05/18/2013 01:12 PM, Adam Williamson wrote: >>> On Sat, 2013-05-18 at 06:18 -0400, Daniel J Walsh wrote: Well, there >>> may have been some signals crossed somewhere. I've been part of the >>> discussion about reducing the size of the desktop spin. >>> selinux-policy-devel doesn't look bad to me, the one that looks like a >>> problem is policycoreutils-devel > >> Yep. I was thinking of policycoreutils-devel and wrote >> selinux-policy-devel in the report instead. Sorry for the confusion > > And to make things clear there - the fact that policycoreutils and > policycoreutils-devel are split is not exactly a problem, in fact it's > making things better, it's just the nomenclature is off and it seems like > the dependency of pcu-devel on selinux-policy-devel is sub-optimal and > might be improveable. > Well I guess the problem is with audit2allow and its potential need for interface files.
Most people do # grep BROKENAPP /var/log/audit/audit.log | audit2allow -M mybrokenapp # semodule -i mybrokenapp.pp Which does not require selinux-policy-devel, however if you run audit2allow - -R it does, and this is something I suggest people look at when building local policy modules. I can hack up audit2allow to suggest which packages to install depending on the command options, we already have some of this. The real trigger for the problem is setroubleshoot-server requires sepolicy and audit2allow which brings in policycoreutils-devel, which brings in selinux-policy-devel. I guess I can work to hack out the parts of sepolicy/audit2allow that setroubleshoot-server actually needs and move that back into policycoreutils, then it can just require this. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGaGwEACgkQrlYvE4MpobP+EgCcCuxu/kbIUAlGsvFDjB2PMDXe EKIAn03YsFJtP1Q2tASYtCFCytoqvk2Y =7QLD -----END PGP SIGNATURE----- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
