[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: .te files in packages



(I just subscribed, so I'm replying from the list archive...)

Given that FC2 is no longer shipping with SELinux enabled by default, it
makes sense to have a separate policy package for individual packages,
IMHO.  The policy package would depend on policy-sources and the parent
package and could easily do:

%post
cd /etc/security/selinux/src/polixy
make load

PACKAGELIST="parent-package parent-package-devel"

for PACKAGE in $PACKAGELIST; do
  if /bin/rpm -q $PACKAGE > /dev/null 2>&1; then
    /bin/rpm -ql $PACKAGE | /usr/sbin/setfiles -s \
                            /etc/security/selinux/file_contexts
  fi
done
================================================================

Of course all of this would be greatly enhanced by an rpm macro that
handled adding all other packages built from the same spec file as the
policy package.  Heck, the macro could have options to exclude packages
or include separately compiled packages in the list.
-- 
Shahms King <shahms shahms com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]