On Mon, Nov 26, 2007 at 03:20:33PM +0300, Dmitry Butskoy wrote:
> [snip]
>
>> +%post
>> +semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp || :
>> +
>> +%postun
>> +if [ "$1" -eq "0" ]; then
>> + semodule -r %{module} || :
>> +fi
>>
>
> AFAIK a lot of people just do not use SELinux and even prefer to remove its
> packages. It seems to me that a hard requirement of "policycoreutils" is
> not a good thing here.
>
> Maybe just check in %post and %postun whether the "semodule" binary is
> present (i.e., "[ -x /usr/sbin/semodule ] && ....")? Or use %triggerin for
> policycoreutils...
%triggerin should really be avoided. What would be nice would be to
have something similar with icons post scripts. But it isn't obvious
that selinux can do all the modules handling at any point.
In any case selinux handling should be in
http://fedoraproject.org/wiki/Packaging/ScriptletSnippets
done by selinux people with the packaging commitee control.
Certainly a task for FESCo to drive such guideline.
I'll try to remember it for the next meeting.
--
Pat
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
