Selinux and RPM packaging (trac)

Stephen Smalley sds at tycho.nsa.gov
Wed Dec 7 15:35:48 UTC 2005


On Wed, 2005-12-07 at 16:18 +0100, Nicklas Norling wrote:
> Been looking around for quite some time and have found very little about
> how one is supposed to create rpm packages with selinux content.
> 
> Specifically I'm trying to create an rpm package of trac
> http://projects.edgewall.com/trac/.
> The Wiki there suggests .fc and .te files for it
> http://projects.edgewall.com/trac/wiki/TracWithSeLinux.
> 
> How would you recommend I go about this project? Does selinux contain a
> system for plugging in .te and .fc files so contexts are recognized during
> the package install, or should I submit these files for inclusion in the
> normal policy packages and wait for it to hit the fans?
> 
> Does anyone have any pointers to best practice in these situations? What
> can the .spec file do in order to keep track of selinux permissions etc.?

Current practice is just to submit patches to the single monolithic
policy to add your .te and .fc files there rather than trying to package
them with your software package.  However, FC5 (development) has
incorporated the new support for binary policy modules, which allows
individual .te and .fc files to be precompiled and packaged together and
shipped separate from the base policy package.  So it depends on what
you are targeting, e.g. if you are looking ahead to FC5 or just trying
to get things working in FC4.

-- 
Stephen Smalley
National Security Agency



