Paul Howarth wrote: > I think that could depend on the particular relationship between the > policy and the main package. For instance, if in your package you > patched out the need for temp files and you didn't allow it to use them > in the SELinux policy, the policy package would want to conflict with > any version of the main package prior to the addition of the patch. I > favour Conflicts: for these rather than Requires: because I can see > reasons why people would want to install both parts independently of the > other (non-SELinux users would want the main package without the policy, > and people wanting to learn about SELinux might want the policy package > without the main one). I played around with this a bit, and I think that the -selinux subpackage should Requires: the package that it applies to. If you install the -selinux package first, then the base package, the newly installed base package files don't get relabeled and the policy won't have any effect. The solution would be to either add commands to relabel the files in the base package's %post script, or add the Requires: to the selinux subpackage. I'd prefer the latter as it is much simpler. If people want to learn about SELinux then they can grab the src rpm. --Mike
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
