How to make SELinux file context permanent?
Ivan Gyurdiev
ivg2 at cornell.edu
Mon Apr 3 23:52:45 UTC 2006
Ignacio Vazquez-Abrams wrote:
> On Mon, 2006-04-03 at 23:30 +0200, Gérard Milmeister wrote:
>
>> I have two packages, gcl and ecl, lisp compilers, that
>> need a context change of some binaries from
>> system_u:object_r:lib_t
>> to
>> system_u:object_r:textrel_shlib_t
>> These files reside in subdirectories of /usr/lib. Is it
>> possible to set context during RPM creation?
>> In any case, the changes are not permanent, because after
>> a relabeling (or restorecon) of the filesystem, the context
>> reverts to the default.
>> What is the least painless way to do this correctly?
>>
Ask upstream why text relocations are needed. Refer to this URL:
http://people.redhat.com/drepper/selinux-mem.html
If text relocations are not needed, upstream should fix the package.
If text relocations are needed, file a bug against policy.
>
> In FC5 it's to create a policy module and load it during %post.
Creating a policy module should not be necessary - you can use the
semanage command with the fcontext option to add a file context
specification to the local config. However, adding a workaround is *not*
the correct solution.
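
The local file-context rule mentioned in the reply above, as an added shell example that is not part of the original message. The directory `/usr/lib/example` is a placeholder, the `.so` pattern is an assumption about which files need the label, and the function names are hypothetical; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example: persist a textrel_shlib_t label with a local fcontext rule.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        # Print with every argument single-quoted so the regex is copy-safe.
        printf '%s' "$1"; shift
        for a in "$@"; do printf " '%s'" "$a"; done
        printf '\n'
    else
        "$@"
    fi
}

# File-context regex matching every shared object below a directory
# (assumed pattern; narrow it to the files that really need the label).
fcontext_spec() {
    printf '%s%s' "${1%/}" '(/.*)?\.so(\.[^/]*)*'
}

# Add the rule to the local file-context configuration, then relabel.
# Because the rule is stored in the local config, a later restorecon or
# full relabel reapplies textrel_shlib_t instead of reverting to lib_t.
label_textrel_libs() {
    dir="$1"
    spec="$(fcontext_spec "$dir")"
    run semanage fcontext -a -t textrel_shlib_t "$spec" &&
    run restorecon -R -v "$dir"
}

# Remove the local rule again once the package or the policy is fixed,
# so the files fall back to the label the shipped policy assigns.
remove_textrel_rule() {
    dir="$1"
    spec="$(fcontext_spec "$dir")"
    run semanage fcontext -d "$spec" &&
    run restorecon -R -v "$dir"
}

# Usage (placeholder path):
#   label_textrel_libs /usr/lib/example
#   DRY_RUN=0 label_textrel_libs /usr/lib/example
```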