View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007484||CentOS-7||policycoreutils||public||2014-08-09 15:13||2014-08-09 15:32|
|Summary||0007484: sepolicy generate creates the corresponding shell script that requires root without a need for it|
|Description||When you run "sepolicy generate" it generates files to define a policy. It also creates <policy_name>.sh file that is supposed to help the user to package the policy module into an RPM package. Unfortunately, in the current state the created script tries to do 2 things at once:|
1. install the generated policy into the system
2. package the policy into an RPM package.
While #1 requires root powers (or more explicitly, administrative rights) to modify the system, #2 does not require such powers.
It would be nice if the installation and update parts were separated logically inside the created shell script: e.g. if the script is launched with "install" or "update" arguments it will demand root, but if it's executed with "package" - it will simply package the created policy module into an RPM package.
|Additional Information||It was also spotted that the auto-generated manual page for the policy module contains a couple of typos:|
"other roles need to be transition into" => s/transition/transitioned/
"When using a a non login role," => s/a a non/a non/
Also, the generated manual page contain excessive list of SELinux booleans that are not specifically related to the generated policy module, but to the whole SELinux policy itself. This is redundant and better to be excluded from a module man page (we still have the SEE ALSO list at the end of the page :).
|Tags||No tags attached.|
|CentOS replicated RHEL bug for bug so I am afraid that all your concerns can only be addressed if you open a bug at bugzilla.redhat.com and persuade RH to implement your suggested changes.|
|OK, submitted it there too: https://bugzilla.redhat.com/show_bug.cgi?id=1128369|