SELinux RPM scriplet issue annoucement

Michael Schwendt mschwendt at
Mon Jan 20 09:42:42 UTC 2014

On Mon, 20 Jan 2014 01:53:42 -0500, Nathaniel McCallum wrote:

> Is it possible to build a one-time build of selinux-policy without
> scriptlets so that the update will succeed?

Define what you mean with "update will succeed". Simply replacing the
bad package with a new package doesn't fix it. The selinux-policy-targeted
scriptlets run some stuff to activate the changed policy. See:
  rpm -q --scripts selinux-policy-targeted
Some of that would need to be run manually, at least.

Also don't forget other updates in the same transaction. They won't
install without problems as long as RPM scriptlets don't execute.

More information about the devel mailing list