View Issue Details

ID: 0007484
Project: CentOS-7
Category: policycoreutils
View Status: public
Last Update: 2014-08-09 15:32
Reporter: gm.outside
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 7.0-1406
Summary: 0007484: sepolicy generate creates the corresponding shell script that requires root without a need for it
Description: When you run "sepolicy generate" it generates files to define a policy. It also creates a <policy_name>.sh file that is supposed to help the user to package the policy module into an RPM package. Unfortunately, in the current state the created script tries to do 2 things at once:

1. install the generated policy into the system
2. package the policy into an RPM package.

While #1 requires root powers (or more explicitly, administrative rights) to modify the system, #2 does not require such powers.

It would be nice if the installation and update parts were separated logically inside the created shell script: e.g. if the script is launched with "install" or "update" arguments it will demand root, but if it's executed with "package" - it will simply package the created policy module into an RPM package.
Additional Information: It was also spotted that the auto-generated manual page for the policy module contains a couple of typos:

"other roles need to be transition into" => s/transition/transitioned/
"When using a a non login role," => s/a a non/a non/

Also, the generated manual page contains an excessive list of SELinux booleans that are not specifically related to the generated policy module, but to the whole SELinux policy itself. This is redundant and better to be excluded from a module man page (we still have the SEE ALSO list at the end of the page :).
Tags: No tags attached.

Activities

user1999

2014-08-09 15:17

  ~0020638

CentOS replicated RHEL bug for bug so I am afraid that all your concerns can only be addressed if you open a bug at bugzilla.redhat.com and persuade RH to implement your suggested changes.
gm.outside

2014-08-09 15:32

reporter   ~0020640

OK, submitted it there too: https://bugzilla.redhat.com/show_bug.cgi?id=1128369

Issue History

Date Modified Username Field Change
2014-08-09 15:13 gm.outside New Issue
2014-08-09 15:17 user1999 Note Added: 0020638
2014-08-09 15:32 gm.outside Note Added: 0020640