-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jerry James wrote: > 2008/11/7 yersinia <yersinia.spiros@xxxxxxxxx>: >> Do look useful this docu ? >> >> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules > > Thank you. That is a very useful document. However, it does not > appear to answer my question. I need a non-default security context > for binaries that are both built and executed in the %build script, > when the policy module has not yet been installed. It appears to me > that there are only two ways to accomplish this: keep abusing > java_exec_t like I have been, or get a GCL policy incorporated into > selinux-policy* prior to building GCL. Am I wrong? Is there some > other option? Does anyone have any guidance to offer me on which > option to pursue? Thanks, I would go with the chcon solution you have but instead of hard coding the java_exec_t, I would execute You can get the context of the final destination of the file using chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl Which seems to be a fine way of doing. this. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkkUVl4ACgkQrlYvE4MpobN7FgCfQYUN5Xeui9NAYfyaDGisUqKV hyYAoJbnNpRFq4hsVhClKDDysq+CBPJ7 =GYSP -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
