SELinux Module Packaging in FC5
Stephen John Smoogen
smooge at gmail.com
Tue May 16 15:34:14 UTC 2006
On 5/16/06, Paul Howarth <paul at city-fan.org> wrote:
> Stephen Smalley wrote:
> > On Tue, 2006-03-14 at 10:29 +0000, Paul Howarth wrote:
> >> Is there any documentation anywhere on including SELinux Policy Modules
> >> in packages (e.g. for Extras) in FC5? For instance, is there a directory
> >> where modules can be dropped into so that they get picked up
> >> aotomatically? Where should they live?
> >
>
> This rather defeats the purpose of having the separate -policy package,
> since I need to use restorecon to fix the file contexts at post-install
> time in case both packages are installed in the same transaction (a
> likely scenario). I could do this equally well using a single package,
> but it's untidy (I have to specify the pathnames that need non-standard
> contexts in both the .fc policy file and as an argument to restorecon in
> %post). I really prefer the separate package solution, but I think that
> would need changes in rpm, which might be hard to get done.
>
> Any thoughts?
>
An ugly ugly ugly fix might be to have a triggerpost that does a
restorecon/setcon on the files when the parent package is installed.
That way it ensures the package is reset correctly. Again ugly and
might not work.
> Paul.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the fedora-selinux-list
mailing list