.if installation
Daniel J Walsh
dwalsh at redhat.com
Fri Sep 28 13:42:09 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
rob myers wrote:
> hello
>
> it seems like selinux policy module rpms should install their interfaces
> into /usr/share/selinux/devel/include, but this is missing from
> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules.
>
> are there negative consequences of doing so?
>
> see the suggested changes below.
>
> rob.
>
> --- PackagingDrafts-SELinux-PolicyModules.txt.orig 2007-09-27 10:03:39.000000000 -0400
> +++ PackagingDrafts-SELinux-PolicyModules.txt 2007-09-27 10:12:38.000000000 -0400
> @@ -321,7 +321,7 @@ BuildRequires: checkpolicy, selinux-pol
> Requires: selinux-policy >= %{selinux_policyver}
> %endif
> Requires: %{name} = %{version}-%{release}
> -Requires(post): /usr/sbin/semodule, /sbin/restorecon
> +Requires(post): /usr/sbin/semodule, /sbin/restorecon, /usr/bin/sepolgen-ifgen
> Requires(postun): /usr/sbin/semodule, /sbin/restorecon
>
> %description selinux
> @@ -360,6 +360,11 @@ do
> done
> cd -
>
> +# Install SELinux interfaces
> +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
> +install -p -m 644 SELinux/%{modulename}.if \
> + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
> +
> # Hardlink identical policy module packages together
> /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
>
> @@ -375,6 +380,8 @@ do
> done
> # Fix up non-standard directory context
> /sbin/restorecon %{_localstatedir}/cache/myapp || :
> +# Regenerate interfaces information for polgen
> +/usr/bin/sepolgen-ifgen || :
>
> %postun selinux
> # Clean up after package removal
> @@ -398,6 +405,7 @@ fi
> %defattr(-,root,root,0755)
> %doc SELinux/*
> %{_datadir}/selinux/*/%{modulename}.pp
> +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
>
> %changelog
> * Mon Jul 31 2006 John Doe <doe at example.com> 0.01-1
> @@ -425,7 +433,8 @@ BuildRequires: checkpolicy, selinux-pol
> %if "%{selinux_policyver}" != ""
> Requires: selinux-policy >= %{selinux_policyver}
> %endif
> -Requires(post): /usr/sbin/semodule, /sbin/fixfiles, myapp
> +Requires(post): /usr/sbin/semodule, /sbin/fixfiles, /usr/bin/sepolgen-ifgen
> +Requires(post): myapp
> Requires(postun): /usr/sbin/semodule
>
> %prep
> @@ -461,6 +470,11 @@ do
> done
> cd -
>
> +# Install SELinux interfaces
> +install -d %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}
> +install -p -m 644 SELinux/%{modulename}.if \
> + %{buildroot}%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
> +
> # Hardlink identical policy module packages together
> /usr/sbin/hardlink -cv %{buildroot}%{_datadir}/selinux
>
> @@ -476,6 +490,8 @@ do
> done
> # Fix up non-standard directory context
> /sbin/fixfiles -R myapp restore || :
> +# Regenerate interfaces information for polgen
> +/usr/bin/sepolgen-ifgen || :
>
> %postun
> # Clean up after package removal
> @@ -492,6 +508,7 @@ fi
> %doc ChangeLog AUTHOR COPYING SELinux/*
> %{_bindir}/myapp
> %{_datadir}/selinux/*/%{modulename}.pp
> +%{_datadir}/selinux/devel/include/%{moduletype}/%{modulename}.if
>
> %changelog
> * Mon Jul 31 2006 John Doe <doe at example.com> 0.01-1
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I think they should be installed there. You will need to run
sepolgen-ifgen if you want audit2allow to find them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFG/QSxrlYvE4MpobMRAqcPAJ9bZsc0PIJZ06UrAQedpi+rKedDYgCeLr1J
Ab2M9pov6aSu+MddlycEFTU=
=NrP5
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list