Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-89587

Ship EPEL related SELinux modules as selinux-policy-epel-* packages

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: Generate New Ti...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • rhel-10.1
    • rhel-10.0
    • selinux-policy
    • selinux-policy-40.13.31-2.el10
    • No
    • Important
    • 1
    • rhel-security-selinux
    • ssg_security
    • 16
    • 2
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • SELINUX 250604: 7
    • Enhancement
    • Hide
      .SELinux policy modules related to EPEL packages moved to `-extra` subpackages in the CRB repository

      In RHEL 10.0, the SELinux policy modules related only to packages contained in the Extra Packages for Enterprise Linux (EPEL) repository and not to any RHEL package were moved from the `selinux-policy` package to the `selinux-policy-epel` package. This reduced the size of `selinux-policy`, allowing the system to perform operations such as rebuilding and loading the SELinux policy faster.

      In RHEL 10.1, the modules from `selinux-policy-epel` are moved to the following `-extra` subpackages in the RHEL CodeReady Linux Builder (CRB) repository:

      * `selinux-policy-targeted-extra`
      * `selinux-policy-mls-extra`

      This change enables the automatic installation of `-extra` SELinux policy modules when users enable the EPEL repository.
      Show
      .SELinux policy modules related to EPEL packages moved to `-extra` subpackages in the CRB repository In RHEL 10.0, the SELinux policy modules related only to packages contained in the Extra Packages for Enterprise Linux (EPEL) repository and not to any RHEL package were moved from the `selinux-policy` package to the `selinux-policy-epel` package. This reduced the size of `selinux-policy`, allowing the system to perform operations such as rebuilding and loading the SELinux policy faster. In RHEL 10.1, the modules from `selinux-policy-epel` are moved to the following `-extra` subpackages in the RHEL CodeReady Linux Builder (CRB) repository: * `selinux-policy-targeted-extra` * `selinux-policy-mls-extra` This change enables the automatic installation of `-extra` SELinux policy modules when users enable the EPEL repository.
    • In Progress
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      According to https://pagure.io/epel/issue/328 it's not possible to setup selinux-policy-epel to be automatically installed with epel-release. There's a proposal to ship selinux-policy-epel in CRB repository as CRB is already a dependency for EPEL and given that epel-release already has: "Requires selinux-policy-epel if selinux-policy" it will solve the automatic installation.

              rhn-engineering-plautrba Petr Lautrbach
              rhn-engineering-plautrba Petr Lautrbach
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: