Re: Activate a SELinux Module at Initial Install

On 08/27/2014 04:10 PM, Dustin C. Hatch wrote: > Hello, > > I have a SELinux module that I've packaged following the SELinux Policy > Modules Packaging Draft[1] on the Fedora wiki. This module is fairly > simple and just adjusts the contexts of some files. The package works > well, and automatically activates the module and fixes file labels when > it is installed on the running machine using Yum. Unfortunately, it does > not work as smoothly if it is installed during initial setup by > Anaconda. In this case, the module is available but not activated > automatically; I have to manually run `semodule -i …` and `restorecon` > on the first boot. > > Is there a recommended way to automatically activate a module that was > installed from an additional package by Anaconda? > > Any ideas or pointers would be greatly appreciated. > > [1] http://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft > Where are you running semodule -i in your spec file?