On Tue, Oct 16, 2007 at 11:12:48AM +0200, Tomas Mraz wrote:
>
> On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> > On Mon, 2007-10-15 at 23:31 +0200, Karel Zak wrote:
> > > Couldn't it be better to maintain default selinux labels like other
> > > file attributes?
> > >
> > > %attr(4755,root,root) %selinux(foo_t) /bin/foo

 we have more policies, so probably:

    %selinux(policynameA, context_t),
    %selinux(policynameB, context_t),

> >
> > I was thinking many times why don't we already do it this way. Much more
> > elegant and maintainable than restorecon in scriptlets.

> And how does that take care of updating file_contexts so the labels are
> not lost on the next filesystem relabel? This only means that the

 I'm talking about labels distribution only. You can locally on your
 system extract this information from the .rpm and add/update/delete your
 local label database.

    package.rpm --> rpm -i --> add labels to label DB
                --> rpm -U --> update label DB
                --> rpm -e --> delete from DB

 The label DB is the source for all relabel operations.

 My $0.02..

    Karel

--
 Karel Zak <kzak@xxxxxxxxxx>
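
The label-DB lifecycle sketched in the message above, as an added Python example that is not code from the thread or from RPM. `%selinux(policy, context)` is only the syntax proposed in this thread, not an existing RPM directive; the `LabelDB` class, its method names and the sample package entries are hypothetical.

```python
import re

# %selinux(policy, context) is the syntax proposed in the thread, not real RPM.
_SELINUX = re.compile(r"%selinux\(\s*([\w.-]+)\s*,\s*([\w:.-]+)\s*\)")

def parse_files_line(line):
    """Return (path, {policy: context}) for one proposed %files entry."""
    path = line.split()[-1]
    if not path.startswith("/"):
        raise ValueError(f"no absolute path in {line!r}")
    return path, dict(_SELINUX.findall(line))

class LabelDB:
    """Hypothetical local label database keyed by owning package."""
    def __init__(self):
        self._pkgs = {}  # package -> {path: {policy: context}}

    def install(self, pkg, files_lines):  # rpm -i: add labels
        parsed = (parse_files_line(l) for l in files_lines)
        self._pkgs[pkg] = {p: lab for p, lab in parsed if lab}

    def upgrade(self, pkg, files_lines):  # rpm -U: replace, dropping stale paths
        self.install(pkg, files_lines)

    def erase(self, pkg):  # rpm -e: delete from DB
        self._pkgs.pop(pkg, None)

    def relabel_source(self, policy):
        """Sorted (path, context) pairs for one policy; input to a relabel."""
        out = {}
        for pkg, files in self._pkgs.items():
            for path, labels in files.items():
                ctx = labels.get(policy)
                if ctx is None:
                    continue
                if out.get(path, ctx) != ctx:
                    raise ValueError(f"{path}: conflicting labels ({pkg})")
                out[path] = ctx
        return sorted(out.items())

# Constructed sample package entries.
FOO_V1 = ["%attr(4755,root,root) %selinux(policynameA, foo_t) "
          "%selinux(policynameB, foo_b_t) /bin/foo",
          "%selinux(policynameA, foo_conf_t) /etc/foo.conf"]
FOO_V2 = ["%attr(4755,root,root) %selinux(policynameA, foo_exec_t) /bin/foo"]

if __name__ == "__main__":
    db = LabelDB()
    db.install("foo", FOO_V1)
    print(db.relabel_source("policynameA"))
```

Because the database is keyed by owning package, an upgrade drops labels for paths the new package no longer ships, and two packages claiming different contexts for the same path are reported instead of silently overwriting each other.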