[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: package review?

On Fri, 2006-07-28 at 18:04 -0700, Michael Thomas wrote:
> Paul Howarth wrote:
> > On Thu, 2006-07-27 at 16:57 -0700, Michael Thomas wrote:
> >> I played around with this a bit, and I think that the -selinux 
> >> subpackage should Requires: the package that it applies to.  If you
> >>  install the -selinux package first, then the base package, the
> >> newly installed base package files don't get relabeled and the
> >> policy won't have any effect.
> > 
> > 
> > If the selinux package includes the appropriate file contexts in the
> > .fc file, installing it first has the advantage that RPM will label
> > the main package's files correctly at install time and no relabelling
> > is necessary at all.
> This isn't working for me if the main package and -selinux package are
> in the same rpm transaction.
> I have a set of packages on FC5 with this:
> %post selinux
> semodule -i %{_datadir}/selinux/packages/xpilotd/xpilotd.pp || :
> /sbin/restorecon -R %{_bindir}/xpilot-ng-meta || :
> The rpm transaction installs the -selinux subpackage first, which
> installs the xpilot policy file which has a file context for
> /usr/bin/xpilot-ng-meta.  But when rpm installs the main package next in
> the transaction, the xpilot-ng-meta file does not get labelled correctly.
> However, if I install these packages in separate transactions, then the
> file gets labelled correctly regardless of which order the packages get
> installed.  It almost seems as if the selinux policy does not really
> take effect until after the rpm transaction has finished, even though
> semodule -i was called in %post.
> Adding 'Requires: %{name}' to the -selinux subpackage does seem to fix
> the problem, however, as it seems to force the installation of the
> -selinux package last, which relabels things correctly.

You're right. I've now followed suit and split off an selinux subpackage
in my mod_fcgid example (this avoids having a dependency on
selinux-policy in the main package).


I think it's now in a fit state to start writing up the guidelines,
which I'll make a start on soon.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]