[SOLVED] Activate a SELinux Module at Initial Install

Dustin C. Hatch dustin.hatch at firemon.com
Fri Sep 5 17:55:56 UTC 2014


On 09/05/2014 11:29 AM, Dustin C. Hatch wrote:
> On 09/05/2014 08:36 AM, Miroslav Grepl wrote:
>> I would go with
>>
>> %define selinuxtype	targeted
>>
>> ..
>> ..
>>
>> %post
>>
>> %{_sbindir}/semodule -n -s %{selinuxtype} -i %{_datadir}/selinux/packages/%{modulename}.pp
>>
>> if %{_sbindir}/selinuxenabled ; then
>> 	%{_sbindir}/load_policy
>> 	%relabel_files
>> fi
>>
> 
> Thanks, unfortunately, this has the same overall effect; the module gets
> loaded automatically when installed by Yum, but not when installed by
> Anaconda, and the same error message is given in the latter case.
> 
> /usr/sbin/semodule: SELinux policy is not managed or store cannot be
> accessed.
> 

I tested the openscap-selinux package and while it uses this same
technique, it does not suffer from the same issue. I noticed that
Anaconda installs it after selinux-policy-targeted, but it installs my
packages before. Comparing that spec to mine, I noticed that it
specifies selinux-policy-base in Requires(post), but I did not. Adding
that changed the installation order, and now my policy is correctly
loaded at install time. Would it be possible to update the SELinux Policy
Modules Packaging Draft wiki page to include this? Presently, the only
dependencies it recommends adding are selinux-policy and policycoreutils.

Thanks for your help!

-- 
♫Dustin
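
Added example (not part of the original message or of the packaging draft): a shell lint check for the ordering problem described above. It flags spec files whose %post scriptlet calls semodule without selinux-policy-base in Requires(post). The function names and the sample spec are constructed for illustration, and the check only looks at case-exact `Requires(...)` tags.

```shell
#!/bin/sh
# Added example, not from the thread: flag spec files whose %post runs
# semodule without ordering the package after the base policy.

# spec_orders_after_policy FILE (hypothetical helper name)
#   0 = %post does not call semodule, or Requires(post) names selinux-policy-base
#   1 = %post calls semodule but nothing forces the base policy to install first
spec_orders_after_policy() {
    awk '
        # Preamble: Requires(post): ... or Requires(pre,post): ...
        /^Requires\(/ {
            q = $0; sub(/^Requires\(/, "", q); sub(/\).*/, "", q)
            n = split(q, part, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (part[i] == "post" && $0 ~ /selinux-policy-base/) ordered = 1
        }
        # Enter %post (not %postun or %posttrans); leave on the next section.
        /^%post([ \t]|$)/ { in_post = 1; next }
        /^%(pre|preun|postun|pretrans|posttrans|files|changelog)([ \t]|$)/ { in_post = 0 }
        in_post && /semodule/ { calls_semodule = 1 }
        END { if (calls_semodule && !ordered) exit 1 }
    ' "$1"
}

# Constructed sample spec (package and module names are placeholders).
# $1 = output path, $2 = extra preamble line to include (may be empty).
write_sample_spec() {
    cat > "$1" <<EOF
Name: example-selinux
Requires: selinux-policy, policycoreutils
$2
%post
%{_sbindir}/semodule -n -s targeted -i %{_datadir}/selinux/packages/example.pp
if %{_sbindir}/selinuxenabled ; then
    %{_sbindir}/load_policy
fi
%files
EOF
}

tmp=$(mktemp -d)
write_sample_spec "$tmp/before.spec" ""
write_sample_spec "$tmp/after.spec" "Requires(post): selinux-policy-base"
for f in "$tmp/before.spec" "$tmp/after.spec"; do
    if spec_orders_after_policy "$f"; then echo "OK      $f"
    else echo "MISSING Requires(post): selinux-policy-base  $f"; fi
done
rm -rf "$tmp"
```

A `Requires(postun)` entry does not satisfy the check, because it does not order the package for the %post scriptlet.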

