Spec URL: http://users.wpi.edu/~cpardy/rpms/scselinux.spec SRPM URL: http://users.wpi.edu/~cpardy/rpms/scselinux-0-0.1a.src.rpm Description: To better conform with the upstream the gui code that was previously in policycoreutils has been moved into it's own package and given a rewrite to use policy kit. This code implements the 3 guis, system-config-selinux polgengui and lockdown. These have in the past been implemented as a patch on fedora systems to the policycoreutils package. This code is not yet feature complete and does not yet have an upstream.
A few blockers: - You are missing the Source URLs and the project URL. - Requires: python should be dropped, it is automatically picked up by rpm. - BuildRequires: python should be BuildRequires: python-devel. Also, use the sitelib macro at http://fedoraproject.org/wiki/Packaging:Python instead of hard coded paths. - --vendor fedora is not used anymore. If you need to build in RHEL, use --vendor="". - Preserve time stamps with install -p. - You are mixing macro styles. Change the references to $RPM_BUILD_ROOT to %{buildroot} for consistency.
Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2.tar.gz Description: To better conform with the upstream the gui code that was previously in policycoreutils has been moved into it's own package and given a rewrite to use policy kit. This code implements the 2 guis, system-config-selinux and polgengui. These have in the past been implemented as a patch on fedora systems to the policycoreutils package.
The description should describe what the package does, not its development history.
fixed description, fixed spec file to actually create installable rpm. Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2.tar.gz Description: system-config-selinux provides the graphical tools system-config-selinux and selinux-polgen for managing an SELinux system.
If someone could please take a look at this, as today is my last day as an intern here and it would be nice to be able to give some sort of status on this thing. Also actually fixed the SRPM to point to an srpm. Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: system-config-selinux-0.2-2.fc11.src.rpm Description: system-config-selinux provides the graphical tools system-config-selinux and selinux-polgen for managing SELinux systems.
My RedHat email was deactivated, I'm adding my alternate email as cc. Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2-2.fc11.src.rpm Description: system-config-selinux provides the graphical tools system-config-selinux and selinux-polgen for managing SELinux systems.
I'm sorry that nobody has looked at this; we have far more review submissions than reviewers, and far too much traffic for anyone to actually follow all of the bugzilla mail. Posting to fedora-devel or dropping by #fedora-devel and requesting help is the best means of getting something time-sensitive noticed. However, I tried to take a look, but the package failed to build for me. It looks like the makefile calls restorecon, which is not only a really bad idea since I don't think it works as a regular user and there's no guarantee that the build filesystem supports contexts (think my home dir and NFS). But I think that it actually fails because policycoreutils isn't installed as nothing in the package actually requires it. Here's a scratch build showing the failure: http://koji.fedoraproject.org/koji/taskinfo?taskID=1615432
I couldn't get your build log to display, but I think I've added enough build requires for all the python files. I moved the chcon and restorecon to %post, hopefully that works. Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2-3.fc11.src.rpm Description: system-config-selinux provides the graphical tools system-config-selinux and selinux-polgen for managing SELinux systems.
You should not need any restorecon in the post, rpm should handle this automatically. Also do not use chcon in a spec file. They will not survive a relabel. If you install and the labeling is wrong, then it needs to be fixed in the selinux-policy package.
I've removed all the selinux commands, it should now build but requires packages that currently must be built out of koji to run. Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2-3.fc11.src.rpm Description: system-config-selinux provides the graphical tools system-config-selinux and selinux-polgen for managing SELinux systems.
Can we get this approved, I really want to get it out in Fedora 12.
(In reply to comment #12) > Can we get this approved, I really want to get it out in Fedora 12. First step is reviewed / improved ... (In reply to comment #11) I don't think I have enough experience to be approving security related packages in Fedora. However, some initial nits: 1. package name differs from web page, so maybe fix the web page from (System-Config-Selinx) ! 2. repeated requires: Requires: selinux-policy Requires: selinux-policy >= 3.6.28-4 -> which is it ?, I don't think it makes sense to have both. 3. Can you confirm that this package replaces policycoreutils-gui ? Does the new package include all the old package's functionality ? 4. The normal place to put the python_sitelib call is at the top of the .spec, see: http://fedoraproject.org/wiki/Packaging:Python#System_Architecture 5. description: typo in (graphcial). Perhaps instead of just repeating short names/acronyms, we could have something like spelling out the acronym during first stating of it: --- This package contains two graphical tools for adjusting the mandatory access control security settings, as implemented by Security Enhanced Linux (SELinux). system-config-selinux provides an interface for configuring and managing SELinux, while selinux-polgengui is used to generate SELinux policy modules. --- -> feel free to improve upon that ! 6. For consistency, keep the two-line breaks between sections (for post, clean files, install) 7. Nice to see lines like ln... to be split over two lines, limiting spec to be mostly <= 80 chars wide. 8. avoid use of tab char, space is easier to peruse. 9. changelog: is not in required format: - space between * and first char of date. - space between - and item text - version-release is not included for any entries. (think the space is missing as well, making those entries look weird. - subprocesss ! - lines longer than 80chars. 10. how were the labelling problems fixed (were they added to the -targeted policy) ? 11. Is there any doc files that need to be included ? 12. Who is going to own this package going forward, since it seems the reporter is having trouble keeping the spec file consistent with itself, let alone the fedora packaging standards, is this a time problem ? 13. files: -config(noreplace) %{_datadir}/ -> are people expected to make changes to configuration in /usr/share ? -%{_sysconfdir}/dbus-1/system.d/org.fedoraproject.selinux.config.conf -> is this a file that needs the noreplace, ie are users expected to adjust this (potentially) ? 14. gui tools require icons, are some included, do some need to be requested of the artwork project ? I haven't explicitly checked Provides nor BuildRequires. Hopefully this helps move the review a little further on.
replies to comment #13 following spec and srpm stuff Spec URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec SRPM URL: http://www.fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2-4.fc11.src.rpm Description: system-config-selinux provides the graphical tools: system-config-selinux and selinux-polgen for managing SELinux systems. 1. I made the project name on the wiki lowercase (you can explain to me why that was your first complaint later) 2. fixed 3. yes otherwise I wouldn't have included it in the spec. 4. misunderstood the meaning of "top", fixed. 5. Switched to your description. Maybe I'll think of something better later. 6. 2 line breaks between all sections now. 7. done. 8. fixed. 9. fixed. 10. yes added to policy, noted in comment now. 11. Not yet, I'll submit a docs package when there are. 12. I will maintain ownership. 13. yes this is why I included them in the spec. 14. icon's are included.
(In reply to comment #14) > 1. I made the project name on the wiki lowercase (you can explain to me why > that was your first complaint later) Either the package name or the web site got the name wrong as System-Config-Selinx, rather than System-Config-Selinux ; I assumed it was the web site, but wanted to clarify, I see you fixed the spelling anyhow. I haven't performed build, functionality, or md5sum checks yet, will do that maybe in the next day. > 6. 2 line breaks between all sections now. That looks good, except the changelog entries (they are all one section, and typically have single line breaks between each entry, like the break between sept27 and previous). Also, the version on each changelog entry is allowed to be one of: * Tue Aug 24 2004 Alexander Larsson <alexl> - 2.7.4-2 * Thu Aug 19 2004 Alex Larsson <alexl> 2.7.4-1 see https://fedoraproject.org/wiki/Packaging/Guidelines#Changelogs You can leave this until there is more to update.
Had a few cycles to look further at the package... Additional items to sort out: 15. source0: upstream src location doesn't seem to be correct (or I am doing something wrong): $ wget http://fedorahosted.org/released/s/y/system-config-selinux/system-config-selinux-0.2.tar.gz --2009-10-05 21:26:11-- http://fedorahosted.org/released/s/y/system-config-selinux/system-config-selinux-0.2.tar.gz Resolving fedorahosted.org... 66.135.52.17 Connecting to fedorahosted.org|66.135.52.17|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://fedorahosted.org/released/s/y/system-config-selinux/system-config-selinux-0.2.tar.gz [following] --2009-10-05 21:26:12-- https://fedorahosted.org/released/s/y/system-config-selinux/system-config-selinux-0.2.tar.gz Connecting to fedorahosted.org|66.135.52.17|:443... connected. HTTP request sent, awaiting response... 404 Not Found 2009-10-05 21:26:13 ERROR 404: Not Found. ===== or via web browser: Environment not found ===== this means I can't check the md5sum. 16. builds on f11 with the setools-libs-python from rawhide, OK. 17. rpmlint for .src.rpm: $ rpmlint /home/davidt/rpmbuild/SRPMS/system-config-selinux-0.2-3.fc11.src.rpm system-config-selinux.src: W: strange-permission selinux-polgengui.desktop 0755 system-config-selinux.src: W: strange-permission system-config-selinux.desktop 0755 system-config-selinux.src: W: strange-permission system-config-selinux.spec 0755 1 packages and 0 specfiles checked; 0 errors, 3 warnings. -> change those file's perms to 644 before building the srpm, should solve this. 18. rpmlint for built package: $ rpmlint /home/davidt/rpmbuild/RPMS/noarch/system-config-selinux-0.2-3.fc11.noarch.rpm system-config-selinux.noarch: W: incoherent-version-in-changelog -0.2 ['0.2-3.fc11', '0.2-3'] -> as mentioned, need to have the release version matching the current spec release. system-config-selinux.noarch: E: file-in-usr-marked-as-conffile /usr/share/PolicyKit/policy/org.fedoraproject.selinux.policy -> I don't know whether in this case this actually makes sense, and would be allowed from the packaging perspective ? Is there another package you can point to that does this already ? system-config-selinux.noarch: W: no-documentation -> suggest creating at least a basic %doc piece describing basic usage of the two apps. system-config-selinux.noarch: W: non-conffile-in-etc /etc/dbus-1/system.d/org.fedoraproject.selinux.config.conf -> is that supposed to be adjustable by the user ie does it need %config, so that a user adjustment won't be overwritten during rpm -U ? system-config-selinux.noarch: W: empty-%post -> was there supposed to be something here, like reload of a service or similar ? 1 packages and 0 specfiles checked; 1 errors, 4 warnings. 19. running application: -> I haven't installed to test. My machine is F11, and doesn't have selinux-policy >= 3.6.28-4. Would installing that version and running it cause issues ?
Looking at admin.fp.org suggests you have signed the cla, but are not yet in the packager group. This means that you will need a sponsor to oversee your packaging efforts. Unfortunately, I am not a sponsor, so that will have to be someone else. I'm removing myself from assignee. With regard to getting sponsored, sponsors want to see that you are following / understanding / improving upon your knowledge of packaging for Fedora. This typically involves performing some pre-reviews on other packages in the Review Request queue: http://fedoraproject.org/PackageReviewStatus/NEW.html Also, I think there is a way to mark this review request as need sponsor, so that potential sponsors may find it more easily.
I can own this package and have Chris as a contributer.
Dave, thanks for the comments, again. Yes I had "released" instead of "releases", I've fixed that, I removed the post section, fixed up the file permissions. Running rpmlint on the srpm and spec now returns no errors. running on the rpm returns warnings for the lack of docs and a false warning for the .config file being in /etc (freedesktop's fault not mine). Dan, if you want to take ownership and get this approved please go ahead.
source rpm: http://fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2-5.fc11.src.rpm spec: http://fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec
(In reply to comment #18) > I can own this package and have Chris as a contributer. OK. Any ideas about whether testing this on f11 (by updating to rawhide / f12 -policy) would be a bad thing (before I kill my machine) ?
That's what I'm doing and my machine isn't dead so I think it's ok.
F12 policy should work fine on F11.
(In reply to comment #20) > source rpm: > http://fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux-0.2-5.fc11.src.rpm Sorry, getting back to this... Builds OK. Clicking system|administration|selinux management Runtime: ===== $ system-config-selinux Traceback (most recent call last): File "/usr/bin/system-config-selinux", line 265, in <module> win = MainWindow() File "/usr/bin/system-config-selinux", line 55, in __init__ self.startup() File "/usr/lib/python2.6/site-packages/scselinux/async.py", line 24, in rplc return function(*pargs,**kargs) File "/usr/bin/system-config-selinux", line 59, in startup self.selinux = scselinux.Transaction() File "/usr/lib/python2.6/site-packages/scselinux/proxy.py", line 36, in __init__ dbus_object = bus.get_object ("org.fedoraproject.selinux.config",'/org/fedoraproject/selinux/transaction') File "/usr/lib/python2.6/site-packages/dbus/bus.py", line 244, in get_object follow_name_owner_changes=follow_name_owner_changes) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 241, in __init__ self._named_service = conn.activate_name_owner(bus_name) File "/usr/lib/python2.6/site-packages/dbus/bus.py", line 183, in activate_name_owner self.start_service_by_name(bus_name) File "/usr/lib/python2.6/site-packages/dbus/bus.py", line 281, in start_service_by_name 'su', (bus_name, flags))) File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Error.Spawn.ChildExited: Launch helper exited with unknown return code 1 ===== # system-config-selinux Traceback (most recent call last): File "/usr/bin/system-config-selinux", line 265, in <module> win = MainWindow() File "/usr/bin/system-config-selinux", line 55, in __init__ self.startup() File "/usr/lib/python2.6/site-packages/scselinux/async.py", line 24, in rplc return function(*pargs,**kargs) File "/usr/bin/system-config-selinux", line 86, in startup self.Pages = [general_config.Page(self),files_object.Page(self),file_equiv_object.Page(self),users_object.Page(self),ports_object.Page(self),processes_object.Page(self),policy_config.Page(self),booleans_config.Page(self)] File "/usr/share/system-config-selinux/pages/general_config.py", line 47, in __init__ self.builder.add_from_file("ui/general_config.ui") glib.GError: Duplicate object id 'vbox3' on line 469 (previously on line 11) ===== So, at least under F12, i686 there is some trouble to sort out...
There is a possibility that the above error is caused by something going wrong with nautilus (dbus error), yet: I also got an selinux notification (note "system-config-s" not the full name): ===== Summary: SELinux is preventing /usr/bin/python "getsched" access. Detailed Description: SELinux denied access requested by system-config-s. It is not expected that this access is required by system-config-s and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:semanage_t:s0-s0:c0.c1023 Target Context system_u:system_r:semanage_t:s0-s0:c0.c1023 Target Objects None [ process ] Source system-config-s Source Path /usr/bin/python Port <Unknown> Host davidtdesktop Source RPM Packages python-2.6.2-2.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-46.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name davidtdesktop Platform Linux davidtdesktop 2.6.31.5-127.fc12.i686.PAE #1 SMP Sat Nov 7 21:25:57 EST 2009 i686 athlon Alert Count 4 First Seen Sun 22 Nov 2009 10:56:40 PM EST Last Seen Sun 22 Nov 2009 11:09:30 PM EST Local ID 796a9ac4-bdba-4327-baca-49f471fda2c6 Line Numbers Raw Audit Messages node=davidtdesktop type=AVC msg=audit(1258891770.762:1341): avc: denied { getsched } for pid=13802 comm="system-config-s" scontext=system_u:system_r:semanage_t:s0-s0:c0.c1023 tcontext=system_u:system_r:semanage_t:s0-s0:c0.c1023 tclass=process node=davidtdesktop type=SYSCALL msg=audit(1258891770.762:1341): arch=40000003 syscall=157 success=no exit=-13 a0=35ea a1=ffffffc8 a2=6feff4 a3=b77576c0 items=0 ppid=13801 pid=13802 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-s" exe="/usr/bin/python" subj=system_u:system_r:semanage_t:s0-s0:c0.c1023 key=(null) ===== SELinux Policy Generation Tool: starts up, but is delayed by maybe 5 seconds, giving me the impression that it isn't going to work, or that something has gone wrong. Actually, the delay to any form of GUI appears is: time selinux-polgengui real 0m11.499s user 0m10.022s sys 0m0.064s My preference would be for the GUI to appear immediately on the screen, but then show some sort of progress bar to indicate that it needs to do something (what) before it's is ready for user input. It's especially helpful if there are say 500 records to read, that the bar progresses appropriately (please don't implement Knight Rider ~progress bards). The alternate is to call that function that makes an item appear in the task bar during the app start...
SELinux Policy Generation Tool: If you choose LoginUsers: Minimal Terminal user role. move to the: Select additional roles for this user: , the list has two items named system. I don't really understand how/why etc, but I would suggest two identical items is at the very least confusing, and either a bug in this tool, or in the data that it access from elsewhere. Trying to apply those settings (I don;t actually know what I'm doing) generated an AVC, same as before. Nothing is written to the policy folder that I requested to create as part of the tool.
David, I will fix these bugs when this package gets released. I currently have to support pretty much the same tool in F13. policycorutils-gui. If we release this, we can remove that package and concentrate on fixing this tool
(In reply to comment #27) > If we release > this, we can remove that package and concentrate on fixing this tool OK, assuming the release early, release often mantra, and I'm expecting this would only be added to F13 (rawhide). One thing concerns me: ln -sf %{_datadir}/system-config-selinux/polgengui.py \ %{buildroot}%{_bindir}/selinux-polgengui ln -sf %{_datadir}/system-config-selinux/system-config-selinux.py \ %{buildroot}%{_bindir}/system-config-selinux $ rpm --eval %{_bindir} /usr/bin $ rpm --eval %{buildroot} /home/davidt/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.i386 $ rpm --eval %{_datadir} /usr/share So these are making a link from / to the raw build machine's buildroot location ? I'm probably misunderstanding how that works. Otherwise, given the main app doesn't even start up, I'm happy enough to approve the package, so that it is in rawhide as soon as possible. Please consider the package APPROVED by dtimms.
(In reply to comment #28) > One thing concerns me: > ln -sf %{_datadir}/system-config-selinux/polgengui.py \ > %{buildroot}%{_bindir}/selinux-polgengui > ln -sf %{_datadir}/system-config-selinux/system-config-selinux.py \ > %{buildroot}%{_bindir}/system-config-selinux > So these are making a link from / to the raw build machine's > buildroot location ? > I'm probably misunderstanding how that works. This is normal for symbolic links. For instance the upper one creates a symbolic link that points to /usr/share/system-config-selinux/polgengui.py and places it in the bindir of the buildroot (since obviously you cannot create it elsewhere). The link is broken when it is created (unless, of course, a previous version of the package is installed on the build system), but works in the rpm itself as long as there's no mistake in the spelling.
(In reply to comment #29) > This is normal for symbolic links. For instance the upper one creates a > symbolic link that points to /usr/share/system-config-selinux/polgengui.py and > places it in the bindir of the buildroot (since obviously you cannot create it > elsewhere). > > The link is broken when it is created (unless, of course, a previous version of > the package is installed on the build system), but works in the rpm itself as > long as there's no mistake in the spelling. OK, thanks Jussi for the explanation. Is there any other package issues that you can see present (well, I approved it anyway (earlier)) ? (In reply to comment #18) (Dan Walsh) > I can own this package and have Chris as a contributer. Can/should the reporter be changed to Dan (as it is he who will request CVS, import it, own and so forth) ?
OK, I had a look at the spec file and came up with a few comments: - instead of %dir %{_datadir}/system-config-selinux %{_datadir}/system-config-selinux/* I would suggest using just %{_datadir}/system-config-selinux/ which does the same thing. (Same for the python_sitelib). - Isn't there a Python egg...? - I think you should Requires: dbus for dir ownership. - Dir issue: $ yum provides /usr/share/PolicyKit/policy/ results in no matches. $ yum provides /usr/share/PolicyKit/ results in no matches. Filed bug #540888.
(In reply to comment #31) > - Dir issue: > $ yum provides /usr/share/PolicyKit/policy/ > results in no matches. > $ yum provides /usr/share/PolicyKit/ > results in no matches. Filed bug #540888. Be advised, this has been fixed in control-center (the only other package that placed files in /usr/share/PolicyKit/policy/). You're using the wrong directory as well. Use %{_datadir}/polkit-1/actions/ for the policy file and add Requires: polkit for dir ownership.
Ok I am changing the package location.
As far as I can see CVS space under devel/system-config-selinux has not been created, and there hasn't been any updates to: https://fedorahosted.org/releases/s/y/system-config-selinux/system-config-selinux.spec to take into account (comment #31) There is about 6x weeks left until F13: 2010-01-26 Feature Submission Deadline 2010-02-16 Alpha Freeze
Is anything happening here? In response to comment 34, no CVS module has been created because CVS hasn't been requested; the last activity on this ticket was to remove the submitter address from CC (though I'm not sure what that would accomplish). In addition, I see some other problems with this ticket: The submitter of this ticket, cpardy, is not a member of the packager group. Thus this ticket should block FE-NEEDSPONSOR, and the review must be done by a sponsor. dtimms (or is it sunset, two accounts with the same name and same username at two different Australian ISPs makes it a bit confusing) is not a sponsor and so can't do the package review. So, let's try to untangle the mess. First, off: Chris, did you still intend to submit this package? If so, let's clear out the fedora-review flag, set FE-NEEDSPONSOR properly, and try to scare up a sponsor. If not, let's close this out. If someone else wants to submit this so it makes it into F13, they should open their own review ticket.
*** Bug 504809 has been marked as a duplicate of this bug. ***
New Package CVS Request ======================= Package Name: system-config-selinux Short Description: system-config-selinux is a utility for managing the SELinux environment Owners: dwalsh chris.pardy Branches: F-13 InitialCC: mgrepl
Jason, I want this package
"chris.pardy" is not a valid Fedora account; cannot add it as a commaintainer. If you meant cpardy, that account is not sponsored and cannot own or comaintain packages. "mgrepl" is not a valid Fedora account. I assume you meant "mgrepl". F-13 is not a valid branch; early branching for F-13 has not yet begun. This whole thing has been highly irregular; generally the person who submits the package should be the one who requests CVS and should be the primary owner. Barring you opening your own review ticket for a proper review, could we at least see the final package with the corrections from comment 31 posted somewhere? And could you submit a corrected CVS request?
New Package CVS Request ======================= Package Name: system-config-selinux Short Description: system-config-selinux is a utility for managing the SELinux environment Owners: dwalsh mgrepl Branches: devel InitialCC: cpardy
Dan / Christopher: Any reply to the questions in comment 35 and/or 39? What can we do to get things moving here? It seems odd to approve a package that doesn't even run yet. Does it now? Is there a link to that updated package?
I have not been able to look at this, but it will not go in until F14 opens up, at this point.
Removing fedora‑cvs for now then. Please re-request when ready.
Ping Christopher, is this package (system-config-selinux) going anywhere..?
No
So.. can we close this bug?
Well the effort here was never picked up. Since I have never had time.