selinux-autorelabel service can be configured to drop to a shell to allow
administrator to manually relabel a filesystem, see selinux_config(5). In
this case, the service needs to have a tty attached to stdin. Given that
tty should not be attached to the service by default, see
https://bugzilla.redhat.com/show_bug.cgi?id=1634661 , the
selinux-autorelabel-generator.sh will configure the service to attach
tty only if AUTORELABEL=0
Resolves: rhbz#2165508
- gettext: handle unsupported languages properly (#2100378)
Resolves: rhbz#2100378
- semodule: rename --rebuild-if-modules-changed to --refresh
- python: Split "semanage import" into two transactions (#2063353)
Resolves: rhbz#2108174
- selinux-autorelabel: Do not force reboot (#2093133)
Resolves: rhbz#2108183
Forced reboot ends up NOT triggering normal unit shutdown, but only
sends TERM signal, then KILL later. Some processes such as dmeventd
do not quit on receiving TERM signal (protected), which means they
are killed after a long delay by systemd using the KILL signal.
In case the normal reboot doesn't go through, "reboot.target" will be
triggered after a timeout and send the KILL signal anyway.
Resolves: rhbz#2093133
Related: rhbz#2003551
The policycoreutils-devel package is used not only for working with an
installed policy, but also for building the policy from sources. In the
latter case, there is no need to install selinux-policy-devel (and
selinux-policy along with it), so make the dependency conditional on
selinux-policy.
Since policy is often built from source in a mock chroot or a container,
this will avoid the awkward and unnecessary cyclic build dependency of
selinux-policy on itself.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
It's was a leftover from the rebase before the latest rebase
Fixes:
Error: Transaction test error:
file /usr/share/man/ru/man8/restorecon_xattr.8.gz from install of policycoreutils-3.2-4.el9.x86_64 conflicts with file from package policycoreutils-restorecond-3.2-5.el9.x86_64
Related: rhbz#1938843
- policycoreutils-dbus requires polkit
- fixfiles: do not exclude /dev and /run in -C mode
- dbus: use GLib.MainLoop
Resolves: rhbz#1949841
Modified-by: Petr Lautrbach <plautrba@redhat.com>
Modified-by: Petr Lautrbach <plautrba@redhat.com>
Modified-by: Petr Lautrbach <plautrba@redhat.com>
Python slip is not actively maintained anymore and it was use just as
polkit proxy. It looks like polkit dbus interface is quite simple to use
it directly via python dbus module.
Resolves: rhbz#1949841
