Jan-Frode Myklebust wrote:
I've been building syslog-ng RPMs, with the needed selinux module
as a separate sub-package following the instructions at:
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
but there's a problem with the logics of having the selinux package
"Requires: main package", as then the main package will get installed
and started before there is a working policy installed.
So, is there any way of re-ordering this, without having the main
package depend on the selinux package? i.e. I want to allow someone
to install only the syslog-ng-2.0.4-12.i386.rpm if they don't want
the selinux module, but I want the selinux module to be installed
first if both are installed in the same operation.
My current srpm --> http://tanso.net/yum/packages/syslog-ng-2.0.4-12.src.rpm
I think it would be better to just ship the policy pp file in your rpm.
But looking through your policy, most of it is already in the base policy.
allow syslogd_t device_t:sock_file { getattr unlink };
> This looks like a bug, It should not happen
allow syslogd_t rsh_port_t:tcp_socket name_bind;
allow syslogd_t inaddr_any_node_t:tcp_socket node_bind;
allow syslogd_t self:tcp_socket { create listen bind setopt };
> In FC7
allow syslogd_t syslogd_var_lib_t:dir { search write add_name };
allow syslogd_t syslogd_var_lib_t:file { create write getattr read };
> This should be added to FC7
-jf
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list