[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: If you are maintinaing of developing a Fedora Package.



On 16/10/2007, Karel Zak < kzak redhat com> wrote:On Tue, Oct 16, 2007 at 11:12:48AM +0200, Tomas Mraz wrote:
>
> On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> > On Mon, 2007-10-15 at 23:31 +0200, Karel Zak wrote:
> > >  Couldn't be better to maintain default selinux labels like others
> > >  file attributes?
> > >
> > >      %attr(4755,root,root) %selinux(foo_t)  /bin/foo

we have more policies, so probably:

%selinux(policynameA, context_t), %selinux(policynameB, context_t),

I'm not mad keen on having to do these kind of actions in spec files. This does not scale well.

On 16/10/2007, Gianluca Sforna <giallu gmail com> wrote:
On 10/16/07, Tomas Mraz <tmraz redhat com> wrote:
>
> On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> >
> > I was thinking many times why don't we already do it this way. Much more
> > elegant and maintainable than restorecon in scriptlets.
> And how does that take care of updating file_contexts so the labels are
> not lost on the next filesystem relabel? This only means that the
> initial labelling information is duplicated on two places and that
> doesn't seem to me like a good idea.

Also, I'm sure you don't want Joe sub-average packager (that is... me)
to mess around with SELinux contexts...

I don't want to mess around with SELinux contexts. Can't this be made part of %post or something? Speaking as an amateur I'm really not in favour of an additional piece of work that has to be added to the spec. Documenting another change is ... not great.

Cheers
Chris

--
http://www.chruz.com
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]