Re: RPM with seperate selinux package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jan-Frode Myklebust wrote:
I've been building syslog-ng RPMs, with the needed selinux module
as a separate sub-package following the instructions at:

	http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules

but there's a problem with the logics of having the selinux package
"Requires: main package", as then the main package will get installed
and started before there is a working policy installed.

So, is there any way of re-ordering this, without having the main package depend on the selinux package? i.e. I want to allow someone
to install only the syslog-ng-2.0.4-12.i386.rpm if they don't want
the selinux module, but I want the selinux module to be installed
first if both are installed in the same operation.

My current srpm --> http://tanso.net/yum/packages/syslog-ng-2.0.4-12.src.rpm


I think it would be better to just ship the policy pp file in your rpm.

But looking through your policy, most of it is already in the base policy.


allow syslogd_t device_t:sock_file { getattr unlink };
> This looks like a bug,  It should not happen

allow syslogd_t rsh_port_t:tcp_socket name_bind;
allow syslogd_t inaddr_any_node_t:tcp_socket node_bind;
allow syslogd_t self:tcp_socket { create listen  bind setopt };
> In FC7

allow syslogd_t syslogd_var_lib_t:dir { search write add_name };
allow syslogd_t syslogd_var_lib_t:file { create write getattr read };
> This should be added to FC7

   -jf

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux