Making Fedora a contributer friendly environment
Karl MacMillan
kmacmill at redhat.com
Thu May 10 15:50:46 UTC 2007
On Thu, 2007-05-10 at 16:33 +0100, Paul Howarth wrote:
> Till Maas wrote:
> > On Do Mai 10 2007, Karl MacMillan wrote:
> >
[...]
> >
> > I would be happy, if I am wrong with this. But if this problem is not solvable
> > with semanage, imho semanage is not a good way to add selinux support to a
> > package.
>
> I agree entirely, and would advocate using a policy module instead of
> semanage, even if all the module contains are file contexts and no rules
> (you may need a dummy rule that duplicates an existing one to get the
> module to build and install properly though). Policy modules have
> versioning built in and so upgrades work as expected. It's just a lot
> more work to package them.
>
I'm not convinced of this yet, but I can be. The modules seem like
overkill in many ways, though we could make it possible to make a file
context only module. That would ease some of the pain.
> For simple context fixes, getting them into the main selinux-policy
> package is almost certainly the best and least hassle method though.
>
Agreed.
Karl
More information about the fedora-devel-list
mailing list