package review?

[Michael Thomas]

Paul Howarth wrote:
> I think that could depend on the particular relationship between the
> policy and the main package. For instance, if in your package you
> patched out the need for temp files and you didn't allow it to use them
> in the SELinux policy, the policy package would want to conflict with
> any version of the main package prior to the addition of the patch. I
> favour Conflicts: for these rather than Requires: because I can see
> reasons why people would want to install both parts independently of the
> other (non-SELinux users would want the main package without the policy,
> and people wanting to learn about SELinux might want the policy package
> without the main one).

I played around with this a bit, and I think that the -selinux
subpackage should Requires: the package that it applies to.  If you
install the -selinux package first, then the base package, the newly
installed base package files don't get relabeled and the policy won't
have any effect.

The solution would be to either add commands to relabel the files in the
base package's %post script, or add the Requires: to the selinux
subpackage.  I'd prefer the latter as it is much simpler.

If people want to learn about SELinux then they can grab the src rpm.

--Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060727/c84f5e96/attachment.bin>