This happens with strict refpolicy also. I think the entire dependency detection process is broken by the ricci module, whose dependencies aren't satisfiable at all with the module packages installed.
Run with the ricci module includes, semodule_deps produces no graphviz output
at all:
$ semodule_deps -g /usr/share/selinux/refpolicy-targeted/base.pp $(ls
/usr/share/selinux/refpolicy-targeted/*.pp | grep -v /base.pp)
libsepol.print_missing_requirements: ricci's global requirements were not met:
type/attribute consoletype_exec_t
semodule_deps: Error while linking packages
However, throwing ricci out, the dependencies resolve normally:
$ semodule_deps -g /usr/share/selinux/refpolicy-targeted/base.pp $(ls
/usr/share/selinux/refpolicy-targeted/*.pp | grep -v /base.pp | grep -v
/ricci.pp )
digraph mod_deps {
overlap=false
uucp -> inetd
ddcprobe -> kudzu
vmware -> xserver
vmware -> netutils
calamaris -> squid
openca -> apache
rhgb -> xserver
cvs -> inetd
djbdns -> daemontools
djbdns -> ucspitcp
webalizer -> apache
nx -> ssh
rssh -> ssh
dbskk -> inetd
uwimap -> inetd
amanda -> inetd
mozilla -> xserver
finger -> inetd
mplayer -> xserver
comsat -> inetd
rshd -> inetd
tcpd -> inetd
telnet -> remotelogin
telnet -> inetd
ktalk -> inetd
awstats -> apache
cups -> lpd
portslave -> ssh
portslave -> ppp
bitlbee -> inetd
thunderbird -> xserver
evolution -> xserver
evolution -> udev
stunnel -> inetd
yam -> apache
rlogin -> remotelogin
rlogin -> inetd
xen -> lvm
xen -> netutils
}
I tried this with the applicable code from the postinst clipped out to a
standlone script, and the %Deps hash is properly populated.
--
Devin \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com
Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
signature.asc
Description: Digital signature
