Closed keszybz closed 3 weeks ago
This is fully untested.
I found a few spots where there were duplicated rules after sbin patterns were replaced by bin.
I'm not sure why the CI fails. I built the rpms locally and they seem fine. As a test, I installed the updated policy packages on a F40 VM and it boots fine and selinux seems to work. I'll test on a system with merged-sbin tomorrow.
OK, this has been tested properly now. I found a few more spots where there were duplicate (identical) rules after the substitutions. This is all fixed now, except for dkim and qemu, which had duplicate rules in two different files already before. This doesn't seem to cause problems, so I left it as is.
I built a package for rawhide with those patches, and installed it in a fresh Cloud Rawhide image (Fedora-Cloud-Base-Generic.x86_64-Rawhide-20240415.n.0.qcow2). There are no AVCs after a reboot and everything seems to work fine. After that, I installed a bunch of packages with merged-sbin (from https://copr.fedorainfracloud.org/coprs/zbyszek/merged-sbin/), and rebooted, and it seems that the selinux policy works as expected. (There are some other problems, but related to missing /sbin paths, not any selinux problems).
So I think this works as expected and could be merged.
https://src.fedoraproject.org/rpms/selinux-policy/pull-request/409 is the pull request against dist-git that I was testing.
@zpytela I'd appreciate a review.
So finally merging, thank you.
Great, thanks!
Also finish the merge of /bin→/usr/bin and /sbin/→/usr/sbin.