Where should an RPM install .te/.fc files?
W. Michael Petullo
mike at flyn.org
Wed Jun 16 00:56:23 UTC 2004
Hello everyone,
I maintain an RPM that installs .te and .fc files. In the past,
contributing to the system's SELinux policy could be done by installing
files in /etc/security/selinux/src/policy (I'm not sure this is right
to begin with):
%policy %{_sysconfdir}/security/selinux/src/policy/macros/
pam_mount_macros.te
%policy %{_sysconfdir}/security/selinux/src/policy/file_contexts/misc/
pam_mount.fc
However, now policies may be in /etc/selinux/strict/src/policy/ or /
etc/selinux/targeted/src/policy/. It is also possible that only one of
these directories exists.
What is the proper procedure for an RPM to contribute to the system's
SELinux policy? My RPM introduces new contexts and provides new allow
statements. The Fedora Core 2 SELinux FAQ does not seem to address
these questions, though it does allude to SELinux-related RPM hooks.
--
Mike
More information about the selinux
mailing list