On 09/02/2014 03:08 PM, Daniel J Walsh wrote: > On 08/27/2014 04:10 PM, Dustin C. Hatch wrote: >> Hello, >> >> I have a SELinux module that I've packaged following the SELinux Policy >> Modules Packaging Draft[1] on the Fedora wiki. This module is fairly >> simple and just adjusts the contexts of some files. The package works >> well, and automatically activates the module and fixes file labels when >> it is installed on the running machine using Yum. Unfortunately, it does >> not work as smoothly if it is installed during initial setup by >> Anaconda. In this case, the module is available but not activated >> automatically; I have to manually run `semodule -i …` and `restorecon` >> on the first boot. >> >> Is there a recommended way to automatically activate a module that was >> installed from an additional package by Anaconda? >> >> Any ideas or pointers would be greatly appreciated. >> >> [1] http://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft >> > Where are you running semodule -i in your spec file? In the %post scriptlet[1]: %post for v in %{selinux_variants}; do /usr/sbin/semodule -s $v \ -i %{_datadir}/selinux/$v/%{semodule_name}.pp >&- 2>&- || : done /sbin/restorecon -R %{basedir} || : I changed the output redirection to send to a log, and I see this error message: /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed. [1] http://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft#Scriptlets -- ♫Dustin -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
