Leszek Matok wrote:
On Mon, 03-04-2006 at 19:52 -0400, Ivan Gyurdiev wrote:
Creating a policy module should not be necessary - you can use the
semanage command with the fcontext option to add file context
specification to the local config. However, adding a workaround is *not*
the correct solution.
Please explain. Why is binding the context to the packaged file a
workaround, while maintaining one big list of all files that people
possibly could put on their systems (yeah, right, dream on) is a
solution?
Neither is a solution, the correct solution is to remove the need for
text relocation in the first place if possible. As far as modules are
concerned, I agree that this is the long-term goal, but AFAIK how
modules will work with rpm has yet to be worked out - I believe Dan
Walsh is working on this, I am not sure what the current status is.
For me it's natural that a file context is bound to the file and should
be transported with it/stay stuck to it. semanage is already somewhat
portable (I can check for its presence, I can check for particular
type/role I'm interested in - my RPM package can still be installed on
any system, regardless of SELinux presence, policies and so on), and
remember it doesn't really need to if I know what system I'm building
for (and this is Fedora Extras, not a "Build a completely cross-distro
RPM packages-HowTo").
Yes, file context needs to be stored in the package, nobody is arguing
against modularity. Separating compile-time and link-time are just part
of the problem, however - the other details still have to be worked out
about how modules will be installed alongside the standard rpm transaction.
--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list