Open LecrisUT opened 5 months ago
at a guess, the AVCs just don't happen on every package install. It probably depends on scriptlets, other packages in the transaction, and so on. Look at the full logs:
the success case is very simple - the package has no deps that aren't already installed (I guess python and whatever else it needs are already there), and the package itself has no scriptlets, it only triggers a single other scriptlet (from glibc). The failure case is far more complex - it pulls in 170+ additional dependencies, many of which run scriptlets. I would guess that something in that whole set is what triggers the AVCs. Unfortunately it doesn't look like it's possible to see exactly when during the transaction the AVCs were triggered, from that log.
I am confused by the selinux checks and reports:
But the random bodhi update happened after openssh got stable, so why is that not failing on selinux. This failure is really weird. @AdamWill you investigated this at one point, do you have any ideas?