Not good

Gene Czarcinski gene at czarc.net
Mon Apr 5 15:27:27 UTC 2004


On Monday 05 April 2004 10:40, Chris Ricker wrote:
> On Sat, 3 Apr 2004, Jeff Johnson wrote:
> > All rpm tools have this problem, as one of the two big lies in rpm is
> >     All-or-nothing behavior when installing packages.
> > That lie is true iff packages are perfect. That is very much not the
> > case during a development cycle with an important paradigm shift like
> > selinux.
>
> I don't see the selinux policy issues as being any different than, say,
>
> # mount -o remount,ro /usr
> # yum update
> <massive fun ensues>
> #
>
> People have lived with that for years, they'll learn to live with similar
> situations due to selinux configs....

I agree but ... we need to understand what the "rules" are with respect to 
selinux related packages.  When things get screwed up, how do we unscrew 
them?  I did not know that the active policy had to be named policy.<version> 
so when the file was named "policy." I thought it was OK.  If I had known, it 
was a quick fix to rename it to "policy.16".

I do believe that the policy packages need some work:

1. Cannot be built in a private build tree (this possibly caused the "policy." 
problem which is fixed in 1.9.2-11 ... we will see if it builds in the 
private tree by a regular user).
2. When policy is installed, it loads the policy it just installed ... OK, 
sounds reasonable.  But, if you then install/update policy-sources, it causes 
the policy to be rebuilt from source and reloaded again!  Why?
3. From what I see, there is no reason to have the policy package at all since 
policy-sources will build the needed files (except for 
/etc/security/{default_contexts,default_type,failsafe_context}, and they could 
be in policy-sources too).

Gene



