hello
it seems like selinux policy module rpms should install their interfaces
into /usr/share/selinux/devel/include, but this is missing from
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules.
are there negative consequences of doing so?
see the suggested changes below.
rob.
--- PackagingDrafts-SELinux-PolicyModules.txt.orig 2007-09-27 10:03:39.000000000 -0400
+++ PackagingDrafts-SELinux-PolicyModules.txt 2007-09-27 10:12:38.000000000 -0400
@@ -321,7 +321,7 @@ BuildRequires: checkpolicy, selinux-pol
Requires: selinux-policy >= %{selinux_policyver}
%endif
Requires: %{name} = %{version}-%{release}
-Requires(post): /usr/sbin/semodule, /sbin/restorecon
+Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/bin/sepolgen-ifgen
Requires(postun): /usr/sbin/semodule, /sbin/restorecon
%description selinux
@@ -360,6 +360,11 @@ do
done
cd -
+# Install SELinux interfaces
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 SELinux/%{modulename}.if \
+ %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
+
# Hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
@@ -375,6 +380,8 @@ do
done
# Fix up non-standard directory context
/sbin/restorecon %{_localstatedir}/cache/myapp || :
+# Regenerate interfaces information for polgen
+/usr/bin/sepolgen-ifgen || :
%postun selinux
# Clean up after package removal
@@ -398,6 +405,7 @@ fi
%defattr(-,root,root,0755)
%doc SELinux/*
%{_datadir}/selinux/*/%{modulename}.pp
+%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
%changelog
* Mon Jul 31 2006 John Doe <doe(a)example.com> 0.01-1
@@ -425,7 +433,8 @@ BuildRequires: checkpolicy, selinux-pol
%if "%{selinux_policyver}" != ""
Requires: selinux-policy >= %{selinux_policyver}
%endif
-Requires(post): /usr/sbin/semodule, /sbin/fixfiles, myapp
+Requires(post): /usr/sbin/semodule, /sbin/fixfiles, /usr/bin/sepolgen-ifgen
+Requires(post): myapp
Requires(postun): /usr/sbin/semodule
%prep
@@ -461,6 +470,11 @@ do
done
cd -
+# Install SELinux interfaces
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 SELinux/%{modulename}.if \
+ %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
+
# Hardlink identical policy module packages together
/usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
@@ -476,6 +490,8 @@ do
done
# Fix up non-standard directory context
/sbin/fixfiles -R myapp restore || :
+# Regenerate interfaces information for polgen
+/usr/bin/sepolgen-ifgen || :
%postun
# Clean up after package removal
@@ -492,6 +508,7 @@ fi
%doc ChangeLog AUTHOR COPYING SELinux/*
%{_bindir}/myapp
%{_datadir}/selinux/*/%{modulename}.pp
+%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
%changelog
* Mon Jul 31 2006 John Doe <doe(a)example.com> 0.01-1