On Tue, 2008-06-17 at 16:22 -0500, Jason L Tibbitts III wrote:
> I just came across a package that does this:
>
> %post
> /usr/bin/chcon -t unconfined_execmem_exec_t %{_libexecdir}/haddock.bin >/dev/null 2>&1 || :
>
> rpmlint complains bitterly about it, and honestly I'm really not sure
> what's supposed to happen here. This is a ghc-compiled binary. (ghc
> is a Haskell compiler.)
>
> So, if you have a binary in a package that really needs this context,
> is running chcon in %post the right way to do it?
I'd suggest getting the filecontext into policy so that RPM lays it down
that way. And no chcon is not the right way (reverted on system
relabel). use semanage fcontext -a and then restorecon if you cannot
for some reason push the correct context upstream into policy.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
