On 16/10/2007, Karel Zak < kzak@xxxxxxxxxx> wrote:On Tue, Oct 16, 2007 at 11:12:48AM +0200, Tomas Mraz wrote:
>
> On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> > On Mon, 2007-10-15 at 23:31 +0200, Karel Zak wrote:
> > > Couldn't be better to maintain default selinux labels like others
> > > file attributes?
> > >
> > > %attr(4755,root,root) %selinux(foo_t) /bin/foo
we have more policies, so probably:
%selinux(policynameA, context_t), %selinux(policynameB, context_t),
I'm not mad keen on having to do these kind of actions in spec files. This does not scale well.
On 16/10/2007, Gianluca Sforna <giallu@xxxxxxxxx> wrote:
I don't want to mess around with SELinux contexts. Can't this be made part of %post or something? Speaking as an amateur I'm really not in favour of an additional piece of work that has to be added to the spec. Documenting another change is ... not great.
CheersOn 10/16/07, Tomas Mraz <tmraz@xxxxxxxxxx> wrote:
>
> On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> >
> > I was thinking many times why don't we already do it this way. Much more
> > elegant and maintainable than restorecon in scriptlets.
> And how does that take care of updating file_contexts so the labels are
> not lost on the next filesystem relabel? This only means that the
> initial labelling information is duplicated on two places and that
> doesn't seem to me like a good idea.
Also, I'm sure you don't want Joe sub-average packager (that is... me)
to mess around with SELinux contexts...
I don't want to mess around with SELinux contexts. Can't this be made part of %post or something? Speaking as an amateur I'm really not in favour of an additional piece of work that has to be added to the spec. Documenting another change is ... not great.
Chris
--
http://www.chruz.com
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list