On Thu, 2007-05-10 at 16:33 +0100, Paul Howarth wrote: > Till Maas wrote: > > On Do Mai 10 2007, Karl MacMillan wrote: > > [...] > > > > I would be happy, if I am wrong with this. But if this problem is not solvable > > with semanage, imho semanage is not a good way to add selinux support to a > > package. > > I agree entirely, and would advocate using a policy module instead of > semanage, even if all the module contains are file contexts and no rules > (you may need a dummy rule that duplicates an existing one to get the > module to build and install properly though). Policy modules have > versioning built in and so upgrades work as expected. It's just a lot > more work to package them. > I'm not convinced of this yet, but I can be. The modules seem like overkill in many ways, though we could make it possible to make a file context only module. That would ease some of the pain. > For simple context fixes, getting them into the main selinux-policy > package is almost certainly the best and least hassle method though. > Agreed. Karl -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
