rpms/pam_ssh/F-8 pam_ssh.te,NONE,1.1 pam_ssh.spec,1.13,1.14
Jeremy Katz
katzj at redhat.com
Mon Nov 26 15:27:30 UTC 2007
On Mon, 2007-11-26 at 16:54 +0300, Dmitry Butskoy wrote:
> Patrice Dumas wrote:
> > On Mon, Nov 26, 2007 at 03:20:33PM +0300, Dmitry Butskoy wrote:
> >>
> >> Maybe just check in %post and %postun whether the "semodule" binary is
> >> present (i.e., "[ -x /usr/sbin/semodule ] && ....")? Or use %triggerin for
> >> policycoreutils...
> >>
> >
> > %triggerin should really be avoided.
>
> But if the user will decide to use SELinux (install all needed packages)
> later? Then it should re-install pam_ssh to activate its policies...
This is one of the (many) reasons why it's currently better to get
policy into the main selinux-policy package rather than trying to do
hacks to carry policy in the package.
It'd be really nice if we could get to where policy was able to be
cleanly carried within packages :-/
Jeremy
More information about the fedora-devel-list
mailing list