On 09/05/2014 11:29 AM, Dustin C. Hatch wrote:
On 09/05/2014 08:36 AM, Miroslav Grepl wrote:
> I would go with
>
> %define selinuxtype targeted
>
> ..
> ..
>
> %post
>
> %{_sbindir}/semodule -n -s %{selinuxtype} -i
%{_datadir}/selinux/packages/%{modulename}.pp
>
> if %{_sbindir}/selinuxenabled ; then
> %{_sbindir}/load_policy
> %relabel_files
> fi
>
Thanks, unfortunately, this has the same overall effect; the module gets
loaded automatically when installed by Yum, but not when installed by
Anaconda, and the same error message is given in the latter case.
/usr/sbin/semodule: SELinux policy is not managed or store cannot be
accessed.
I tested the openscap-selinux package and while it uses this same
technique, it does not suffer from the same issue. I noticed that
Anaconda installs it after selinux-policy-targeted, but it installs my
packages before. Comparing that spec to mine, I noticed that it
specifies selinux-policy-base in Requires(post), but I did not. Adding
that changed the installation order, and now my policy is correctly
loaded at install time. Would it be possible to update SELinux Policy
Modules Packaging Draft wiki page to include this? Presently, the only
dependencies it recommends adding are selinux-policy and policycoreutils.
Thanks for your help!
--
♫Dustin