SELinux settings in SPEC file
Aurelien Bompard
gauret at free.fr
Thu Apr 13 20:18:32 UTC 2006
Gérard Milmeister wrote:
> I have now the following lines in the SPEC file for gcl:
>
> Requires(post): policycoreutils
> Requires(postun): policycoreutils
> ...
> %post
> /usr/sbin/semanage fcontext -a -t textrel_shlib_t
> "%{_libdir}/gcl-%{version}/unixport/saved_ansi_gcl"
> /sbin/restorecon "%{_libdir}/gcl-%{version}/unixport/saved_ansi_gcl"
> %postun
> /usr/sbin/semanage fcontext -d -t textrel_shlib_t
> "%{_libdir}/gcl-%{version}/unixport/saved_ansi_gcl"
>
> Is this acceptable? The package only builds with SELinux disabled,
> but this is the case on the buildsystem, so I don't think it
> will be a problem.
I've been asking questions on fedora-selinux-list recently to add SELinux
support to Awstats, and I've come up with almost the same additions : a
call to semanage to add the policy and a call to chcon to set the context.
The use of chcon was what I've been suggested, but restorecon looks OK to me
too.
I've been thinking about setting up a Wiki page about it, or adding a
section to the Packaging/Guidelines
Well. It's a wiki. I'm going to do that.
Aurélien
--
http://aurelien.bompard.org ~~~~ Jabber : abompard at jabber.fr
"Never trust a computer you can't throw out a window." -- Steve Wozniak
More information about the fedora-extras-list
mailing list