Re: .if installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

rob myers wrote:
> hello
> 
> it seems like selinux policy module rpms should install their interfaces
> into /usr/share/selinux/devel/include, but this is missing from 
> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules.
> 
> are there negative consequences of doing so?
> 
> see the suggested changes below.
> 
> rob.
> 
> --- PackagingDrafts-SELinux-PolicyModules.txt.orig	2007-09-27 10:03:39.000000000 -0400
> +++ PackagingDrafts-SELinux-PolicyModules.txt	2007-09-27 10:12:38.000000000 -0400
> @@ -321,7 +321,7 @@ BuildRequires:  checkpolicy, selinux-pol
>  Requires:       selinux-policy >= %{selinux_policyver}
>  %endif
>  Requires:       %{name} = %{version}-%{release}
> -Requires(post):   /usr/sbin/semodule, /sbin/restorecon
> +Requires(post):   /usr/sbin/semodule, /sbin/restorecon, /usr/bin/sepolgen-ifgen
>  Requires(postun): /usr/sbin/semodule, /sbin/restorecon
>  
>  %description selinux
> @@ -360,6 +360,11 @@ do
>  done
>  cd -
>  
> +# Install SELinux interfaces
> +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
> +install -p -m 644 SELinux/%{modulename}.if \
> +  %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
> +
>  # Hardlink identical policy module packages together
>  /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
>  
> @@ -375,6 +380,8 @@ do
>  done
>  # Fix up non-standard directory context
>  /sbin/restorecon %{_localstatedir}/cache/myapp || :
> +# Regenerate interfaces information for polgen
> +/usr/bin/sepolgen-ifgen || :
>  
>  %postun selinux
>  # Clean up after package removal
> @@ -398,6 +405,7 @@ fi
>  %defattr(-,root,root,0755)
>  %doc SELinux/*
>  %{_datadir}/selinux/*/%{modulename}.pp
> +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
>  
>  %changelog
>  * Mon Jul 31 2006 John Doe <doe@xxxxxxxxxxx> 0.01-1
> @@ -425,7 +433,8 @@ BuildRequires:  checkpolicy, selinux-pol
>  %if "%{selinux_policyver}" != ""
>  Requires:       selinux-policy >= %{selinux_policyver}
>  %endif
> -Requires(post):   /usr/sbin/semodule, /sbin/fixfiles, myapp
> +Requires(post):   /usr/sbin/semodule, /sbin/fixfiles, /usr/bin/sepolgen-ifgen
> +Requires(post):   myapp
>  Requires(postun): /usr/sbin/semodule
>  
>  %prep
> @@ -461,6 +470,11 @@ do
>  done
>  cd -
>  
> +# Install SELinux interfaces
> +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
> +install -p -m 644 SELinux/%{modulename}.if \
> +  %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
> +
>  # Hardlink identical policy module packages together
>  /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
>  
> @@ -476,6 +490,8 @@ do
>  done
>  # Fix up non-standard directory context
>  /sbin/fixfiles -R myapp restore || :
> +# Regenerate interfaces information for polgen
> +/usr/bin/sepolgen-ifgen || :
>  
>  %postun
>  # Clean up after package removal
> @@ -492,6 +508,7 @@ fi
>  %doc ChangeLog AUTHOR COPYING SELinux/*
>  %{_bindir}/myapp
>  %{_datadir}/selinux/*/%{modulename}.pp
> +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
>  
>  %changelog
>  * Mon Jul 31 2006 John Doe <doe@xxxxxxxxxxx> 0.01-1
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

I think they should be installed there.  You will need to run
sepolgen-ifgen if you want audit2allow to find them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG/QSxrlYvE4MpobMRAqcPAJ9bZsc0PIJZ06UrAQedpi+rKedDYgCeLr1J
Ab2M9pov6aSu+MddlycEFTU=
=NrP5
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux