xref https://src.fedoraproject.org/rpms/selinux-policy/pull-request/370# For bootc I'd like to support building systems without rpm installed. In most cases actually we'd like to *only* change such systems through bootc upgrades, no client side mutation. So things like `setsebool` would never be invoked client side. However, this package also has /sbin/load_policy which is still very much wanted. One approach might be to split off policycoreutils-core that has just that? And no rpm dependency. Although I do wonder *why* it's required. A quick run of git log -G '^Requires:.*rpm' -- policycoreutils.spec shows this came in with no rationale in https://src.fedoraproject.org/rpms/policycoreutils/c/7d7e0bdd5429f28045fa78d9b5cf66f9ec22abff Reproducible: Always
Dan, why in 2007 did you add that Requires?
$ grep rpm /usr/sbin/fixfiles rpmlist() { rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f - Usage: $0 [-v] [-F] [-T nthreads] -R rpmpackage[,rpmpackage...] { check | restore | verify } $ rpm -qf /usr/sbin/fixfiles policycoreutils-3.7-6.fc41.x86_64 /usr/sbin/fixfiles is used by /usr/libexec/selinux/selinux-autorelabel which is used by /usr/lib/systemd/system/selinux-autorelabel.service
rpm is used in fixfiles only for -R option. Fow now would Recommends: instead of Requires: work for you?
> Fow now would Recommends: instead of Requires: work for you? Yeah that seems by far the simplest thing for now. We also don't need to "fixfiles" on a bootc host in general; bootc always gets the labels right for the host content and the state is intentionally immutable by default. > rpm is used in fixfiles only for -R option. But as far as longer term fixes: Hmm. Logically shouldn't this functionality live in rpm? There's already rpm-plugin-selinux and it could be the backend for something like `rpm --selinux-repair` or something?
https://src.fedoraproject.org/rpms/policycoreutils/pull-request/5
I think you meant to link to https://src.fedoraproject.org/rpms/policycoreutils/pull-request/51# - but LGTM and thanks!
FEDORA-2025-da4c0497bd (policycoreutils-3.7-7.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-da4c0497bd
FEDORA-2025-acaf4a12e7 (policycoreutils-3.7-7.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2025-acaf4a12e7
FEDORA-2025-da4c0497bd has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-da4c0497bd` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-da4c0497bd See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-acaf4a12e7 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-acaf4a12e7` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-acaf4a12e7 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-da4c0497bd (policycoreutils-3.7-7.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-acaf4a12e7 (policycoreutils-3.7-7.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.