Re: SELinux Bootstrap - without chroot

On Mon, 2008-06-16 at 13:56 -0400, Vikram Ambrose wrote:
> Stephen Smalley wrote:
> > Note that they get installed to $DESTDIR/usr/share/selinux/$SELINUXTYPE
> > by make install.  In Fedora, they are packaged as such, then when you
> > install the package on the target host, they are unpacked
> > to /usr/share/selinux/$SELINUXTYPE by the package manager and then a %
> > post scriptlet runs semodule on them to install them under /etc/selinux
> > and load them.
> >
> >   
> In Fedora, does anaconda chroot into the sysroot and call semodule 
> during installation?

Some combination of anaconda and rpm, yes.  semodule runs from a %post
scriptlet in the selinux-policy-targeted package at package install
time.

> > Options for you might include:
> > 1) Run semodule_link and semodule_expand at build time to link and
> > expand the modules to a kernel policy up front.  Then you can just put
> > the files into place without running semodule later.
> >   
> I will investigate this option further, thank you.

Ok.  You can see an example of it in the 'make validate' target,
although that is just to check that they will link and expand
successfully; it isn't used to install the policy normally and likely
doesn't keep the final result around.

-- 
Stephen Smalley
National Security Agency
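
One way to script option 1 from the reply above, as an added example that is not part of the original message or of the reference policy build. The function name `build_kernel_policy`, the `SEMODULE_LINK`/`SEMODULE_EXPAND` override variables, and the assumption that the base module package is named `base.pp` are all hypothetical choices made for this sketch.

```shell
# Added example (not from the thread): link and expand modules at build time.
# Assumptions: the base package is named base.pp; the function and the
# override variable names are hypothetical.
# Usage: build_kernel_policy "$DESTDIR/usr/share/selinux/$SELINUXTYPE" policy.bin

# Tool paths can be overridden, e.g. to use host builds in a cross build.
: "${SEMODULE_LINK:=semodule_link}"
: "${SEMODULE_EXPAND:=semodule_expand}"

# build_kernel_policy PKGDIR OUTFILE
#   PKGDIR   directory holding base.pp and the other *.pp module packages
#   OUTFILE  path of the binary kernel policy to write
build_kernel_policy() {
    pkgdir=$1
    outfile=$2
    base=$pkgdir/base.pp

    [ -f "$base" ] || { echo "missing base module: $base" >&2; return 1; }

    # Collect the non-base packages; semodule_link takes the base first.
    set --
    for pp in "$pkgdir"/*.pp; do
        [ "$pp" = "$base" ] && continue
        [ -f "$pp" ] || continue        # glob matched nothing
        set -- "$@" "$pp"
    done

    linked=$(mktemp) || return 1

    # Link base + modules into one package, then expand it to a kernel
    # policy. Write to a temporary name so a failed run never leaves a
    # partial policy file at OUTFILE.
    if "$SEMODULE_LINK" -o "$linked" "$base" "$@" &&
       "$SEMODULE_EXPAND" "$linked" "$outfile.tmp"; then
        mv "$outfile.tmp" "$outfile"
        rc=0
    else
        rm -f "$outfile.tmp"
        rc=1
    fi
    rm -f "$linked"
    return $rc
}
```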

