Hello,
I think for newcomers it is sometimes difficult to find the packages to install if they want to use some tools. The relevant packages are AFAIK: selinux-policy, audit, libselinux-utils, setools, setools-console, policycoreutils-python, setroubleshoot and maybe few others.
The most confusing is in my humble opinion semanage tool which is present in policycoreutils-python. With image deployment which is popular in infrastructure clouds, administrators need to deal with minimum OS installs very often and some tools are usually missing in RHEL/Fedora. And they are not finding them.
Thus I propose to create new yum group SELinux Development that would help installing these tools all in once. And then spreading the word. What folks think about this?
On Fri, 2014-07-11 at 10:40 +0200, Lukas Zapletal wrote:
Hello,
I think for newcomers it is sometimes difficult to find the packages to install if they want to use some tools. The relevant packages are AFAIK: selinux-policy, audit, libselinux-utils, setools, setools-console, policycoreutils-python, setroubleshoot and maybe few others.
The most confusing is in my humble opinion semanage tool which is present in policycoreutils-python. With image deployment which is popular in infrastructure clouds, administrators need to deal with minimum OS installs very often and some tools are usually missing in RHEL/Fedora. And they are not finding them.
Thus I propose to create new yum group SELinux Development that would help installing these tools all in once. And then spreading the word. What folks think about this?
Probably best to skip the yum group idea and go straight through to the spreading the word phase.
You see none of the packages you described are (or have to be) really required.
Chances are that you do not want those on a minimal system. You will probably want to keep things minimal.
Even then, a yum group idea would still not be optimal because not all packages are always useful.
RPM dependencies will take care of pulling the requirements per package.
On 07/14/2014 04:46 PM, Dominick Grift wrote:
On Fri, 2014-07-11 at 10:40 +0200, Lukas Zapletal wrote:
Hello,
I think for newcomers it is sometimes difficult to find the packages to install if they want to use some tools. The relevant packages are AFAIK: selinux-policy, audit, libselinux-utils, setools, setools-console, policycoreutils-python, setroubleshoot and maybe few others.
The most confusing is in my humble opinion semanage tool which is present in policycoreutils-python. With image deployment which is popular in infrastructure clouds, administrators need to deal with minimum OS installs very often and some tools are usually missing in RHEL/Fedora. And they are not finding them.
Thus I propose to create new yum group SELinux Development that would help installing these tools all in once. And then spreading the word. What folks think about this?
Probably best to skip the yum group idea and go straight through to the spreading the word phase.
You see none of the packages you described are (or have to be) really required.
Chances are that you do not want those on a minimal system. You will probably want to keep things minimal.
Even then, a yum group idea would still not be optimal because not all packages are always useful.
RPM dependencies will take care of pulling the requirements per package.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
I agree with Dominick. Basically we want to split them to more packages to have a minimal install. Maybe a blog about tools would be helpful.
Btw.
$ man selinux . .. ... SEE ALSO booleans(8), setsebool(8), sepolicy(8), system-config-selinux(8), togglesebool(8), restorecon(8), fixfiles(8), setfiles(8), semanage(8), sepolicy(8)
$ yum search <tool>
We probably would have also seinfo(8), sesearch(8) in this list.
$ man selinux . .. ... SEE ALSO booleans(8), setsebool(8), sepolicy(8), system-config-selinux(8), togglesebool(8), restorecon(8), fixfiles(8), setfiles(8), semanage(8), sepolicy(8)
$ yum search <tool>
The problem I have is that package names are unintuitive and I always end up with doing yum search. What I am trying to do is to make things more approachable.
I was thinking about yum group or metapackage but I need to admit that installing them all is not the best way too.
I think what could be feasible is to add relevant packages to the man page. I would like to send a pull request, but I see only man/ru/ subdirectory in git. I see it was removed, but not sure where do I find them now.
Thanks
selinux@lists.fedoraproject.org
-
Dominick Grift -
Lukas Zapletal -
Miroslav Grepl