.if installation

rob myers rob.myers at gtri.gatech.edu
Thu Sep 27 14:33:32 UTC 2007 

hello

it seems like selinux policy module rpms should install their interfaces
into /usr/share/selinux/devel/include, but this is missing from 
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules.

are there negative consequences of doing so?

see the suggested changes below.

rob.

--- PackagingDrafts-SELinux-PolicyModules.txt.orig	2007-09-27 10:03:39.000000000 -0400
+++ PackagingDrafts-SELinux-PolicyModules.txt	2007-09-27 10:12:38.000000000 -0400
@@ -321,7 +321,7 @@ BuildRequires:  checkpolicy, selinux-pol
 Requires:       selinux-policy >= %{selinux_policyver}
 %endif
 Requires:       %{name} = %{version}-%{release}
-Requires(post):   /usr/sbin/semodule, /sbin/restorecon
+Requires(post):   /usr/sbin/semodule, /sbin/restorecon, /usr/bin/sepolgen-ifgen
 Requires(postun): /usr/sbin/semodule, /sbin/restorecon
 
 %description selinux
@@ -360,6 +360,11 @@ do
 done
 cd -
 
+# Install SELinux interfaces
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 SELinux/%{modulename}.if \
+  %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
+
 # Hardlink identical policy module packages together
 /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
 
@@ -375,6 +380,8 @@ do
 done
 # Fix up non-standard directory context
 /sbin/restorecon %{_localstatedir}/cache/myapp || :
+# Regenerate interfaces information for polgen
+/usr/bin/sepolgen-ifgen || :
 
 %postun selinux
 # Clean up after package removal
@@ -398,6 +405,7 @@ fi
 %defattr(-,root,root,0755)
 %doc SELinux/*
 %{_datadir}/selinux/*/%{modulename}.pp
+%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
 
 %changelog
 * Mon Jul 31 2006 John Doe <doe at example.com> 0.01-1
@@ -425,7 +433,8 @@ BuildRequires:  checkpolicy, selinux-pol
 %if "%{selinux_policyver}" != ""
 Requires:       selinux-policy >= %{selinux_policyver}
 %endif
-Requires(post):   /usr/sbin/semodule, /sbin/fixfiles, myapp
+Requires(post):   /usr/sbin/semodule, /sbin/fixfiles, /usr/bin/sepolgen-ifgen
+Requires(post):   myapp
 Requires(postun): /usr/sbin/semodule
 
 %prep
@@ -461,6 +470,11 @@ do
 done
 cd -
 
+# Install SELinux interfaces
+install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
+install -p -m 644 SELinux/%{modulename}.if \
+  %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
+
 # Hardlink identical policy module packages together
 /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
 
@@ -476,6 +490,8 @@ do
 done
 # Fix up non-standard directory context
 /sbin/fixfiles -R myapp restore || :
+# Regenerate interfaces information for polgen
+/usr/bin/sepolgen-ifgen || :
 
 %postun
 # Clean up after package removal
@@ -492,6 +508,7 @@ fi
 %doc ChangeLog AUTHOR COPYING SELinux/*
 %{_bindir}/myapp
 %{_datadir}/selinux/*/%{modulename}.pp
+%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
 
 %changelog
 * Mon Jul 31 2006 John Doe <doe at example.com> 0.01-1

More information about the fedora-selinux-list mailing list