On 5/16/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Stephen Smalley wrote: > On Tue, 2006-03-14 at 10:29 +0000, Paul Howarth wrote: >> Is there any documentation anywhere on including SELinux Policy Modules >> in packages (e.g. for Extras) in FC5? For instance, is there a directory >> where modules can be dropped into so that they get picked up >> aotomatically? Where should they live? >
This rather defeats the purpose of having the separate -policy package, since I need to use restorecon to fix the file contexts at post-install time in case both packages are installed in the same transaction (a likely scenario). I could do this equally well using a single package, but it's untidy (I have to specify the pathnames that need non-standard contexts in both the .fc policy file and as an argument to restorecon in %post). I really prefer the separate package solution, but I think that would need changes in rpm, which might be hard to get done. Any thoughts?
An ugly ugly ugly fix might be to have a triggerpost that does a restorecon/setcon on the files when the parent package is installed. That way it ensures the package is reset correctly. Again ugly and might not work.
Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- Stephen J Smoogen. CSIRT/Linux System Administrator -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
