hello it seems like selinux policy module rpms should install their interfaces into /usr/share/selinux/devel/include, but this is missing from http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules. are there negative consequences of doing so? see the suggested changes below. rob. --- PackagingDrafts-SELinux-PolicyModules.txt.orig 2007-09-27 10:03:39.000000000 -0400 +++ PackagingDrafts-SELinux-PolicyModules.txt 2007-09-27 10:12:38.000000000 -0400 @@ -321,7 +321,7 @@ BuildRequires: checkpolicy, selinux-pol Requires: selinux-policy >= %{selinux_policyver} %endif Requires: %{name} = %{version}-%{release} -Requires(post): /usr/sbin/semodule, /sbin/restorecon +Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/bin/sepolgen-ifgen Requires(postun): /usr/sbin/semodule, /sbin/restorecon %description selinux @@ -360,6 +360,11 @@ do done cd - +# Install SELinux interfaces +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 644 SELinux/%{modulename}.if \ + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if + # Hardlink identical policy module packages together /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux @@ -375,6 +380,8 @@ do done # Fix up non-standard directory context /sbin/restorecon %{_localstatedir}/cache/myapp || : +# Regenerate interfaces information for polgen +/usr/bin/sepolgen-ifgen || : %postun selinux # Clean up after package removal @@ -398,6 +405,7 @@ fi %defattr(-,root,root,0755) %doc SELinux/* %{_datadir}/selinux/*/%{modulename}.pp +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if %changelog * Mon Jul 31 2006 John Doe <doe@xxxxxxxxxxx> 0.01-1 @@ -425,7 +433,8 @@ BuildRequires: checkpolicy, selinux-pol %if "%{selinux_policyver}" != "" Requires: selinux-policy >= %{selinux_policyver} %endif -Requires(post): /usr/sbin/semodule, /sbin/fixfiles, myapp +Requires(post): /usr/sbin/semodule, /sbin/fixfiles, /usr/bin/sepolgen-ifgen +Requires(post): myapp Requires(postun): /usr/sbin/semodule %prep @@ -461,6 +470,11 @@ do done cd - +# Install SELinux interfaces +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} +install -p -m 644 SELinux/%{modulename}.if \ + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if + # Hardlink identical policy module packages together /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux @@ -476,6 +490,8 @@ do done # Fix up non-standard directory context /sbin/fixfiles -R myapp restore || : +# Regenerate interfaces information for polgen +/usr/bin/sepolgen-ifgen || : %postun # Clean up after package removal @@ -492,6 +508,7 @@ fi %doc ChangeLog AUTHOR COPYING SELinux/* %{_bindir}/myapp %{_datadir}/selinux/*/%{modulename}.pp +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if %changelog * Mon Jul 31 2006 John Doe <doe@xxxxxxxxxxx> 0.01-1 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
