On Thu, 2004-12-09 at 14:52 -0600, Steven Pritchard wrote:
> Excuse me for a stupid selinux question...
>
> Is there something I have to do when packaging a daemon to make
> selinux policy apply to it?
>
> I have an OpenVPN package in the fedora.us QA queue
> (https://bugzilla.fedora.us/show_bug.cgi?id=1531). I noticed that
> selinux-policy-targeted-sources includes a file openvpn.fc, but I have
> no idea how to connect the dots to make it all work...

Looking into it a bit, I found that the openvpn.fc sets up the file contexts so that the openvpn files can be confined to an openvpn specific domain. Unfortunately, there isn't an openvpn domain specified at this point. The openvpn.fc file is essentially ignored (with a targeted policy anyway) since there is not an associated domains/program/openvpn.te file to define the domain.

As far as the RPM itself goes, I don't think that there is anything specific that you would need to do for OpenVPN. If/when the selinux policies are updated to include a definition for an OpenVPN domain, the files should get labeled properly (either via filesystem relabeling or openvpn rpm upgrade/install).

--
David Hollis <dhollis@xxxxxxxxxxxxxx>
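
The situation described in the reply above (a .fc file with no matching .te file to define its domain) can be checked for across a whole policy source tree. This is an added example, not part of the original message or of the policy package. The file_contexts/program/ directory and the sample tree are assumptions; only domains/program/openvpn.te is named in the message.

```shell
#!/bin/sh
# List program names that ship a file-contexts (.fc) file but have no
# type-enforcement (.te) file defining a domain for them.
# Assumed layout under the policy source directory given as $1:
#   $1/file_contexts/program/NAME.fc   (assumption, not named in the message)
#   $1/domains/program/NAME.te         (path pattern taken from the message)
orphan_fc() {
    src=$1
    for fc in "$src"/file_contexts/program/*.fc; do
        [ -e "$fc" ] || continue          # glob matched nothing
        name=$(basename "$fc" .fc)
        if [ ! -e "$src/domains/program/$name.te" ]; then
            printf '%s\n' "$name"         # labels exist, domain does not
        fi
    done
}

# Constructed sample tree (not real policy content) so the check runs offline:
# openvpn has only a .fc file, named has both a .fc and a .te file.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/file_contexts/program" "$dir/domains/program"
    : > "$dir/file_contexts/program/openvpn.fc"
    : > "$dir/file_contexts/program/named.fc"
    : > "$dir/domains/program/named.te"
    printf '%s\n' "$dir"
}

# Demo run against the constructed tree.
tree=$(make_sample_tree) && orphan_fc "$tree" && rm -rf "$tree"
```

Point `orphan_fc` at the directory where the policy sources are installed to run the same check on a real tree.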