Re: .te files in packages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(I just subscribed, so I'm replying from the list archive...)

Given that FC2 is no longer shipping with SELinux enabled by default, it
makes sense to have a separate policy package for individual packages,
IMHO.  The policy package would depend on policy-sources and the parent
package and could easily do:

%post
cd /etc/security/selinux/src/polixy
make load

PACKAGELIST="parent-package parent-package-devel"

for PACKAGE in $PACKAGELIST; do
  if /bin/rpm -q $PACKAGE > /dev/null 2>&1; then
    /bin/rpm -ql $PACKAGE | /usr/sbin/setfiles -s \
                            /etc/security/selinux/file_contexts
  fi
done
================================================================

Of course all of this would be greatly enhanced by an rpm macro that
handled adding all other packages built from the same spec file as the
policy package.  Heck, the macro could have options to exclude packages
or include separately compiled packages in the list.
-- 
Shahms King <shahms@xxxxxxxxxx>


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux