On 5/16/06, Paul Howarth <paul(a)city-fan.org> wrote:
Stephen Smalley wrote:
> On Tue, 2006-03-14 at 10:29 +0000, Paul Howarth wrote:
>> Is there any documentation anywhere on including SELinux Policy Modules
>> in packages (e.g. for Extras) in FC5? For instance, is there a directory
>> where modules can be dropped into so that they get picked up
>> aotomatically? Where should they live?
>
This rather defeats the purpose of having the separate -policy package,
since I need to use restorecon to fix the file contexts at post-install
time in case both packages are installed in the same transaction (a
likely scenario). I could do this equally well using a single package,
but it's untidy (I have to specify the pathnames that need non-standard
contexts in both the .fc policy file and as an argument to restorecon in
%post). I really prefer the separate package solution, but I think that
would need changes in rpm, which might be hard to get done.
Any thoughts?
An ugly ugly ugly fix might be to have a triggerpost that does a
restorecon/setcon on the files when the parent package is installed.
That way it ensures the package is reset correctly. Again ugly and
might not work.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
Stephen J Smoogen.
CSIRT/Linux System Administrator