How do we do selinux-policy updates?
Sometimes I get questions how we do selinux-policy updates. How does the process go?
We go through all new bugs every day in the morning. So there are two periods per day because Dan is from USA and I am from Czech Republic.
We add appropriate fixes to the selinux-policy repo on fedorahosted.org first and then we commit changes also to the selinux-policy git repo on fedoraproject.org. But this does not mean we do a new build immediately. The main reason is we want to cover as much bugs by a build as possible. So we do a new build either at the end of the day or the next day. Of course if a build is required we do it when is needed.
Also we are not able to do a new update with an each build. In this case, you can easily download new builds from koji and install them. So if you see
“Fixed in selinux-policy-<version>”
as a comment in a bug, you get a new build very soon. If not, then I have overslept and just ping me. I would like to thank all for testing/using a new builds from koji.
And now a practical example. We got these bugs
https://bugzilla.redhat.com/show_bug.cgi?id=815765
https://bugzilla.redhat.com/show_bug.cgi?id=815767
https://bugzilla.redhat.com/show_bug.cgi?id=815781
https://bugzilla.redhat.com/show_bug.cgi?id=815782
yesterday. All of them have been fixed in the selinux-policy-targeted 3.10.0-87.fc16 package and you can download/install it using
# rpm -Uvh
http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.10.0/87.fc16/noarch/selinux-policy-3.10.0-87.fc16.noarch.rpm http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.10.0/87.fc16/noarch/selinux-policy-targeted-3.10.0-87.fc16.noarch.rpm
So you have a fix, which you can test, until a new update is done.