Re: Converting selinux commands into a policy file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/14/2017 10:25 AM, Richard Shaw wrote:
I have been working on packaging the Ubiquity Unifi controller software for Fedora and EPEL and the package actually works pretty well. 

I've created a review request on RPM Fusion non-free since it's not FOSS and I've only been given permission to package/distribute. 

Currently I handle the selinux issues in %post as follows:

semanage fcontext -a -t mongod_log_t \
    "%{_localstatedir}/log/unifi(/.*)?" 2>/dev/null || :
semanage fcontext -a -t mongod_var_lib_t \
    "%{_sharedstatedir}/unifi/data(/.*)?" 2>/dev/null || :
restorecon -R %{_localstatedir}/log/unifi || :
restorecon -R %{_sharedstatedir}/unifi/data || :
semanage port -a -t mongod_port_t -p tcp 27117 2>/dev/null || :

The Fedora packaging wiki's I can find all seem to be drafts and fare more complicated...

Is it acceptable to do this in %post or do I really need to turn these into policy files and provide them as a subpackage?

Thanks,
Richard


_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

It is fine to do this in post.  You could combine the commands together into one semanage command, if this is slow.

Similarly you can run a single restorecon command.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux