-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 rob myers wrote: > hello > > it seems like selinux policy module rpms should install their interfaces > into /usr/share/selinux/devel/include, but this is missing from > http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules. > > are there negative consequences of doing so? > > see the suggested changes below. > > rob. > > --- PackagingDrafts-SELinux-PolicyModules.txt.orig 2007-09-27 10:03:39.000000000 -0400 > +++ PackagingDrafts-SELinux-PolicyModules.txt 2007-09-27 10:12:38.000000000 -0400 > @@ -321,7 +321,7 @@ BuildRequires: checkpolicy, selinux-pol > Requires: selinux-policy >= %{selinux_policyver} > %endif > Requires: %{name} = %{version}-%{release} > -Requires(post): /usr/sbin/semodule, /sbin/restorecon > +Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/bin/sepolgen-ifgen > Requires(postun): /usr/sbin/semodule, /sbin/restorecon > > %description selinux > @@ -360,6 +360,11 @@ do > done > cd - > > +# Install SELinux interfaces > +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} > +install -p -m 644 SELinux/%{modulename}.if \ > + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if > + > # Hardlink identical policy module packages together > /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux > > @@ -375,6 +380,8 @@ do > done > # Fix up non-standard directory context > /sbin/restorecon %{_localstatedir}/cache/myapp || : > +# Regenerate interfaces information for polgen > +/usr/bin/sepolgen-ifgen || : > > %postun selinux > # Clean up after package removal > @@ -398,6 +405,7 @@ fi > %defattr(-,root,root,0755) > %doc SELinux/* > %{_datadir}/selinux/*/%{modulename}.pp > +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if > > %changelog > * Mon Jul 31 2006 John Doe <doe@xxxxxxxxxxx> 0.01-1 > @@ -425,7 +433,8 @@ BuildRequires: checkpolicy, selinux-pol > %if "%{selinux_policyver}" != "" > Requires: selinux-policy >= %{selinux_policyver} > %endif > -Requires(post): /usr/sbin/semodule, /sbin/fixfiles, myapp > +Requires(post): /usr/sbin/semodule, /sbin/fixfiles, /usr/bin/sepolgen-ifgen > +Requires(post): myapp > Requires(postun): /usr/sbin/semodule > > %prep > @@ -461,6 +470,11 @@ do > done > cd - > > +# Install SELinux interfaces > +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype} > +install -p -m 644 SELinux/%{modulename}.if \ > + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if > + > # Hardlink identical policy module packages together > /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux > > @@ -476,6 +490,8 @@ do > done > # Fix up non-standard directory context > /sbin/fixfiles -R myapp restore || : > +# Regenerate interfaces information for polgen > +/usr/bin/sepolgen-ifgen || : > > %postun > # Clean up after package removal > @@ -492,6 +508,7 @@ fi > %doc ChangeLog AUTHOR COPYING SELinux/* > %{_bindir}/myapp > %{_datadir}/selinux/*/%{modulename}.pp > +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if > > %changelog > * Mon Jul 31 2006 John Doe <doe@xxxxxxxxxxx> 0.01-1 > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list I think they should be installed there. You will need to run sepolgen-ifgen if you want audit2allow to find them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFG/QSxrlYvE4MpobMRAqcPAJ9bZsc0PIJZ06UrAQedpi+rKedDYgCeLr1J Ab2M9pov6aSu+MddlycEFTU= =NrP5 -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
