policy and policy-source confusion
Thomas Molina
tmolina at cablespeed.com
Wed May 12 09:58:08 UTC 2004
On Wed, 12 May 2004, Leonard den Ottolander wrote:
> Hello Thomas,
>
> > OK, so now I am confused again. I moved all the rpmnew files to /tmp and
> > did an rpm -V policy. I got the following:
>
> The problem is that policy and policy-sources somewhat conflict. In case
> both are installed the policy files will be added as .rpmnew, and the
> policies are recreated from policy-sources. These recreated policies
> should be identical in function with those from policy, but don't
> necessarily have the same checksum. (Not sure what happens on an update
> of policy-sources when you edited them, I guess policy-sources will then
> be installed as .rpmnew as well).
"somewhat conflict"? What is that supposed to mean? From my point of
view, the current situation violates standard practice and the intent of
the rpm system. Actual practice doesn't match the docs either. The FAQ
says:
"Installing or updating the policy package loads the new policy
after it installs the files. Similarly, installing or updating the
policy-sources package rebuilds the policy.<version> file as well as the
file_contexts file, then loads them as the currently effective policy."
So if I have both policy and policy-sources, and update both the
policy.version file gets rebuilt/installed twice? That can't be right.
If the rpmnew files should just be deleted, they shouldn't even be created
in the first place. In this case the policy package validates with the
wrong set of files in place.
In my opinion installing/updating one package shouldn't modify files
belonging to another package. If policy-source is going to do this it
should be a specific action by the user post-installation, not a part of
the installation process itself.
More information about the fedora-selinux-list
mailing list