Bug 691067

Summary: speed up yum update if selinux disabled
Product: [Fedora] Fedora Reporter: Tom Horsley <horsley1953>
Component: selinux-policy-targetedAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED WONTFIX QA Contact: Ben Levenson <benl>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 14CC: dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-29 17:58:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Tom Horsley 2011-03-26 14:08:50 UTC
Description of problem:

I have just watched my gazillionth yum update of selinux-policy-targeted
sit like a lump for what seems like forever running the postinstall script,
and it seems like there is a new selinux-policy-targeted update in the repos
pretty much every time I apply updates, so I've wasted more time on this
package than just about all the other updates combined.

This is particularly frustrating since I have selinux disabled, and will
always have selinux disabled.

I'm supposed to be able to erase selinux-policy-targeted if I don't need it,
and I tried to do that for a while, but inevitably some update would always
come along and drag it back onto my system, so I gave up on that.

Could you possibly make the postinstall script check up front to see if
selinux is disabled, and just exit right away instead of doing whatever
interminable thing it does? Pretty please with sugar on top?

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.9.7-37.fc14.noarch was the latest I just applied

How reproducible:
every time

Steps to Reproduce:
1.yum update
2.watch selinux-policy-targeted sit like a lump during "Updating" step.
3.
  
Actual results:
annoyingly slow install of a package I have no use for.

Expected results:
speedy install of a package I have no use for, yet can't seem to get rid of.

Additional info:

Comment 1 Daniel Walsh 2011-03-29 14:30:03 UTC
I guess I would look for what requires it.

rpm -q --whatrequires selinux-policy-targeted

SELinux policy is recompiling the policy when the package gets installed, this should only be taking 10-20 seconds.  It can not be changed to not do this, since it would blow up if someone was to turn on the selinux.  I would figure out which package requires it and see if we can remove the requirement.

Comment 2 Tom Horsley 2011-03-29 16:58:42 UTC
Seems entirely possible to me to wait till selinux is enabled, and then
recompile the policy. Since that will never happen on my system, I'd never
have to wait for it :-).

The dependency thing is more mysterious. I've never observed anything
that depends on selinux-policy-targeted. In fact, if I try doing a yum erase
right now, it says the only thing it will remove is that one package, yet
if I remove it and continue to do regular yum updates, it eventually always
seems to reappear (at least that was always what happened in the past
before I gave up trying to remove it).

Maybe an occasional dependency crops up then gets removed before I notice
any specific reason the package reappeared?

Comment 3 Daniel Walsh 2011-03-29 17:58:32 UTC
Not that simple.  Since enabling SELinux is just editing /etc/selinux/config, no way for the user to know to recompile policy.

selinux-policy-targeted should not get installed unless selinux-policy-targeted or selinux-policy-base is required, or perhaps when you do a upgrade install from one Fedora to the next.  

I would just remove the package and see if you can figure out how it got reinstalled.

Comment 4 Tom Horsley 2011-03-29 19:18:01 UTC
Yea, I went ahead and did that again, and this time added an exclusion
in the /etc/uum.conf file to prevent it from installing it again. If something
depends on it, I should at least get update errors now.