Hello everyone,
I maintain an RPM that installs .te and .fc files. In the past, contributing to the system's SELinux policy could be done by installing files in /etc/security/selinux/src/policy (I'm not sure this is right to begin with):
%policy %{_sysconfdir}/security/selinux/src/policy/macros/ pam_mount_macros.te
%policy %{_sysconfdir}/security/selinux/src/policy/file_contexts/misc/ pam_mount.fc
However, now policies may be in /etc/selinux/strict/src/policy/ or / etc/selinux/targeted/src/policy/. It is also possible that only one of these directories exists.
What is the proper procedure for an RPM to contribute to the system's SELinux policy? My RPM introduces new contexts and provides new allow statements. The Fedora Core 2 SELinux FAQ does not seem to address these questions, though it does allude to SELinux-related RPM hooks.
-- Mike
