The recent redhat-rpm-config change and you

Nalin Dahyabhai nalin at
Mon Jun 20 17:44:53 UTC 2005

On Sat, Jun 18, 2005 at 01:00:06AM -0400, Toshio Kuratomi wrote:
> On Fri, 2005-06-17 at 17:05 -0400, Nalin Dahyabhai wrote:
> > [1]
> What's a simple test case for this?  I don't have a USB printer but I
> tried /usr ro on boot with no .pyo files.  This does not cause cups to
> crash....  Starting other programs which have no .pyo files with
> PYTHON_OPTIMIZE set also causes no problems.  Is the bug really only
> about SELinux and not a ro partition?  Does this only happen with cups
> and USB printers?
> Being an anti-pyo person, I'd like to understand this problem so I can
> be converted :-)

I can't speak to the specifics of cups and printing, but the problem
cases in which I'm interested are:
* Install a package with .py scripts.  Use parts of the package as a
  user who can write to the files, and you generate .pyc files.  These
  new files are not owned by any package, and RPM does not remove them
  if you remove the package.
* If you can't write to them, and you were denied access by SELinux
  permission checks (for example, you *were* root, but you were running
  the script in an execution domain which wouldn't be allowed write
  access), then you get a log message, either in syslog or in the audit
  log.  This leads to at least 40 unnecessary panic attacks, resulting
  in no less than four separate posts to fedora-test-list within the
  same day, which increases incoming traffic enough to finally kill the
  mailing list servers.  Please, think of the mailing list servers.
  Seriously, though, it's preventable.

The usefulness of .pyo files over .pyc files is marginal [1], but if
we're trying to avoid problems which crop up when a script only gets
byte-compiled on an installed system, I think we have to account for
them as well.




More information about the Fedora-maintainers mailing list