On Wed, 2005-12-07 at 16:18 +0100, Nicklas Norling wrote:
Been looking around for quite some time and have found very little
about
how one is
supposed to create rpm packages with selinux content.
Specifically I'm trying to create a rpm package of trac
http://projects.edgewall.com/trac/.
The Wiki there suggests .fc and .te files for it
http://projects.edgewall.com/trac/wiki/TracWithSeLinux.
How would you recommend I go about this project. Does selinux contain a
system
for plugging in .te and .fc files so contexts are recognized during the
package install or
should I submitt these files for inclusion in the normal policy packages
and wait for it
to hit the fans?
Do anyone have any pointers to best practis in these situations? What
can the .spec file
do in order to keep track of selinux permissions etc.
Current practice is just to submit patches to the single monolithic
policy to add your .te and .fc files there rather than trying to package
them with your software package. However, FC5 (development) has
incorporated the new support for binary policy modules, which allows
individual .te and .fc files to be precompiled and packaged together and
shipped separate from the base policy package. So it depends on what
you are targeting, e.g. if you are looking ahead to FC5 or just trying
to get things working in FC4.
--
Stephen Smalley
National Security Agency