Paul Howarth wrote:
I think that could depend on the particular relationship between the
policy and the main package. For instance, if in your package you
patched out the need for temp files and you didn't allow it to use them
in the SELinux policy, the policy package would want to conflict with
any version of the main package prior to the addition of the patch. I
favour Conflicts: for these rather than Requires: because I can see
reasons why people would want to install both parts independently of the
other (non-SELinux users would want the main package without the policy,
and people wanting to learn about SELinux might want the policy package
without the main one).
I played around with this a bit, and I think that the -selinux
subpackage should Requires: the package that it applies to. If you
install the -selinux package first, then the base package, the newly
installed base package files don't get relabeled and the policy won't
have any effect.
The solution would be to either add commands to relabel the files in the
base package's %post script, or add the Requires: to the selinux
subpackage. I'd prefer the latter as it is much simpler.
If people want to learn about SELinux then they can grab the src rpm.
--Mike