Activate a SELinux Module at Initial Install
Daniel J Walsh
dwalsh at redhat.com
Tue Sep 2 20:08:39 UTC 2014
Where are you running semodule -i in your spec file?
On 08/27/2014 04:10 PM, Dustin C. Hatch wrote:
> Hello,
>
> I have a SELinux module that I've packaged following the SELinux Policy
> Modules Packaging Draft[1] on the Fedora wiki. This module is fairly
> simple and just adjusts the contexts of some files. The package works
> well, and automatically activates the module and fixes file labels when
> it is installed on the running machine using Yum. Unfortunately, it does
> not work as smoothly if it is installed during initial setup by
> Anaconda. In this case, the module is available but not activated
> automatically; I have to manually run `semodule -i …` and `restorecon`
> on the first boot.
>
> Is there a recommended way to automatically activate a module that was
> installed from an additional package by Anaconda?
>
> Any ideas or pointers would be greatly appreciated.
>
> [1] http://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft
>
> Regards,
>
More information about the selinux
mailing list