rpms/pam_ssh/F-8 pam_ssh.te,NONE,1.1 pam_ssh.spec,1.13,1.14

Patrice Dumas pertusus at free.fr
Mon Nov 26 13:38:43 UTC 2007


On Mon, Nov 26, 2007 at 03:20:33PM +0300, Dmitry Butskoy wrote:
> [snip]
>
>> +%post
>> +semodule -i %{_datadir}/selinux/packages/%{name}/%{name}.pp || :
>> +
>> +%postun
>> +if [ "$1" -eq "0" ]; then
>> +  semodule -r %{module} || :
>> +fi
>>   
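Review bot: in %postun the module is removed as %{module}, while %post installs a file named from %{name}; the quoted lines do not show %{module} being defined. Because both semodule calls end in "|| :", a wrong or empty module name would fail without any sign and leave the policy module loaded after the package is erased. Use the same macro in both scriptlets, or define %{module} next to them. Consider guarding the calls with a check that the semodule binary exists, so that only that expected case is skipped and other failures are not discarded.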
>
> AFAIK a lot of people just do not use SELinux and even prefer to remove its 
> packages. It seems to me that a hard requirement of "policycoreutils" is 
> not a good thing here.
>
> Maybe just check in %post and %postun whether the "semodule" binary is 
> present (i.e., "[ -x /usr/sbin/semodule ] && ....")?  Or use %triggerin for 
> policycoreutils...

%triggerin should really be avoided. What would be nice would be to
have something similar with icons post scripts. But it isn't obvious
that selinux can do all the modules handling at any point.

In any case selinux handling should be in
http://fedoraproject.org/wiki/Packaging/ScriptletSnippets
done by selinux people with the packaging committee control.

Certainly a task for FESCo to drive such a guideline.
I'll try to remember it for the next meeting.

--
Pat



