If you are maintinaing of developing a Fedora Package.
Christopher Brown
snecklifter at gmail.com
Tue Oct 16 14:32:29 UTC 2007
>
> On 16/10/2007, Karel Zak <kzak at redhat.com> wrote:On Tue, Oct 16, 2007 at
> 11:12:48AM +0200, Tomas Mraz wrote:
> >
> > On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> > > On Mon, 2007-10-15 at 23:31 +0200, Karel Zak wrote:
> > > > Couldn't be better to maintain default selinux labels like others
> > > > file attributes?
> > > >
> > > > %attr(4755,root,root) %selinux(foo_t) /bin/foo
>
> we have more policies, so probably:
>
> %selinux(policynameA, context_t), %selinux(policynameB, context_t),
>
I'm not mad keen on having to do these kind of actions in spec files. This
does not scale well.
On 16/10/2007, Gianluca Sforna <giallu at gmail.com> wrote:
>
> On 10/16/07, Tomas Mraz <tmraz at redhat.com> wrote:
> >
> > On Tue, 2007-10-16 at 10:59 +0200, Lubomir Kundrak wrote:
> > >
> > > I was thinking many times why don't we already do it this way. Much
> more
> > > elegant and maintainable than restorecon in scriptlets.
> > And how does that take care of updating file_contexts so the labels are
> > not lost on the next filesystem relabel? This only means that the
> > initial labelling information is duplicated on two places and that
> > doesn't seem to me like a good idea.
>
> Also, I'm sure you don't want Joe sub-average packager (that is... me)
> to mess around with SELinux contexts...
I don't want to mess around with SELinux contexts. Can't this be made part
of %post or something? Speaking as an amateur I'm really not in favour of an
additional piece of work that has to be added to the spec. Documenting
another change is ... not great.
Cheers
Chris
--
http://www.chruz.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20071016/c0809585/attachment.htm>
More information about the fedora-devel-list
mailing list