.te files in packages

Shahms King shahms at shahms.com
Wed Apr 21 18:00:02 UTC 2004


(I just subscribed, so I'm replying from the list archive...)

Given that FC2 is no longer shipping with SELinux enabled by default, it
makes sense to have a separate policy package for individual packages,
IMHO.  The policy package would depend on policy-sources and the parent
package and could easily do:

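%post
# Build and load the policy from the policy sources
cd /etc/security/selinux/src/policy
make load

# Packages whose files need relabeling
PACKAGELIST="parent-package parent-package-devel"

for PACKAGE in $PACKAGELIST; do
  # Relabel only packages that are actually installed
  if /bin/rpm -q "$PACKAGE" > /dev/null 2>&1; then
    /bin/rpm -ql "$PACKAGE" | /usr/sbin/setfiles -s \
                            /etc/security/selinux/file_contexts
  fi
done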
================================================================

Of course all of this would be greatly enhanced by an rpm macro that
handled adding all other packages built from the same spec file as the
policy package.  Heck, the macro could have options to exclude packages
or include separately compiled packages in the list.
-- 
Shahms King <shahms at shahms.com>
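
Added example (not part of the original message or of any Fedora package): a guarded form of the relabel step above that returns success when SELinux is disabled and keeps `rpm -ql` lines that are not existing absolute paths away from setfiles. The function names, the overridable RPM, SETFILES, FILE_CONTEXTS and SELINUXENABLED variables, and the use of selinuxenabled as the check are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded relabel helper for a policy package's %post.
# The variables below are assumptions of this example; they can be
# overridden so the logic can be exercised without rpm or setfiles.
RPM=${RPM:-/bin/rpm}
SETFILES=${SETFILES:-/usr/sbin/setfiles}
FILE_CONTEXTS=${FILE_CONTEXTS:-/etc/security/selinux/file_contexts}

# Pass through only absolute paths that exist on disk. `rpm -ql` prints
# "(contains no files)" for an empty package and also lists %ghost
# entries that may be absent; neither should be handed to setfiles.
existing_paths() {
    while IFS= read -r path; do
        case $path in
            /*) if [ -e "$path" ] || [ -L "$path" ]; then
                    printf '%s\n' "$path"
                fi ;;
        esac
    done
}

# Relabel the files of every installed package named in "$@".
# Returns 0 without touching anything when SELinux is disabled or the
# file contexts are missing, so the scriptlet does not fail there.
relabel_packages() {
    if ! ${SELINUXENABLED:-selinuxenabled} 2>/dev/null; then
        return 0
    fi
    [ -r "$FILE_CONTEXTS" ] || return 0
    for pkg in "$@"; do
        if "$RPM" -q "$pkg" > /dev/null 2>&1; then
            "$RPM" -ql "$pkg" | existing_paths | "$SETFILES" -s "$FILE_CONTEXTS"
        fi
    done
}
```

In a scriptlet the call would be `relabel_packages parent-package parent-package-devel`, placed after the `make load` step.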



