package review?

Paul Howarth paul at city-fan.org
Fri Jul 28 07:29:07 UTC 2006


On Thu, 2006-07-27 at 16:57 -0700, Michael Thomas wrote:
> Paul Howarth wrote:
> > I think that could depend on the particular relationship between the
> > policy and the main package. For instance, if in your package you
> > patched out the need for temp files and you didn't allow it to use them
> > in the SELinux policy, the policy package would want to conflict with
> > any version of the main package prior to the addition of the patch. I
> > favour Conflicts: for these rather than Requires: because I can see
> > reasons why people would want to install both parts independently of the
> > other (non-SELinux users would want the main package without the policy,
> > and people wanting to learn about SELinux might want the policy package
> > without the main one).
> 
> I played around with this a bit, and I think that the -selinux
> subpackage should Requires: the package that it applies to.  If you
> install the -selinux package first, then the base package, the newly
> installed base package files don't get relabeled and the policy won't
> have any effect.

If the selinux package includes the appropriate file contexts in the .fc
file, installing it first has the advantage that RPM will label the main
package's files correctly at install time and no relabelling is
necessary at all.

Unfortunately it's still necessary to have relabelling in the %post
script of the selinux package because file contexts won't get set
properly if both packages are installed in the same RPM transaction (a
deficiency in rpm's transaction ordering).

Paul.
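
The packaging approach discussed in this message, sketched as an RPM spec fragment. This is an added example, not part of the original post and not taken from any real package. The package name "myapp", the module file "myapp.pp", the version 1.2-3 and the relabelled paths are all assumptions.

```spec
# Hypothetical names throughout: "myapp" is the main package, "myapp.pp" the
# compiled policy module, 1.2-3 the first build that carries the patch the
# policy depends on.
%package selinux
Summary:          SELinux policy module for myapp
# Conflicts: instead of Requires:, so either part can be installed without
# the other, while builds older than the patch are kept away from this policy.
Conflicts:        myapp < 1.2-3
Requires(post):   policycoreutils
Requires(postun): policycoreutils

%description selinux
SELinux policy module and file contexts (.fc) for myapp.

%post selinux
# Load the module; its .fc entries are merged into the file-context database.
/usr/sbin/semodule -i %{_datadir}/selinux/packages/myapp/myapp.pp || :
# Relabel files of the main package that may already be on disk. This covers
# the case where both packages arrive in one RPM transaction and the main
# package's files were written before these contexts were known.
# The paths are assumptions; list whatever the .fc file covers.
/sbin/restorecon -R %{_bindir}/myapp %{_localstatedir}/lib/myapp 2>/dev/null || :

%postun selinux
# $1 is 0 on final removal: unload the module and restore default labels.
if [ $1 -eq 0 ]; then
    /usr/sbin/semodule -r myapp || :
    /sbin/restorecon -R %{_bindir}/myapp %{_localstatedir}/lib/myapp 2>/dev/null || :
fi

%files selinux
%{_datadir}/selinux/packages/myapp/myapp.pp
```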




More information about the fedora-selinux-list mailing list