Usage of /usr/share/selinux/packages

[Daniel J Walsh]

On 06/02/2009 08:05 AM, Paul Howarth wrote:
> KaiGai Kohei wrote:
>> Daniel J Walsh wrote:
>>> On 06/01/2009 07:44 PM, KaiGai Kohei wrote:
>>>> In the latest selinux-policy package, I could find an empty directory
>>>> at /usr/share/selinux/packages .
>>>>
>>>> What is the purpose? Is it intended to store policy packages installed
>>>> by other RPMs (such as mod_selinux)?
>>>>
>>>> Thanks,
>>> Yes the idea was to provide a location for third parties to put their PP
>>> files.
>>
>> Hmm... Now, I provide two types of policy packages (targeted and mls).
>> Do you have any guideline to deploy these files?
>>
>> For example, the mod_selinux installs its policy modules at:
>> /usr/share/selinux/targeted/mod_selinux.pp
>> and
>> /usr/share/selinux/mls/mod_selinux.pp
>>
Well not sure what the differences are between the two policies, but 
maybe we should consider a mechanism for installing one policy and 
having it turn on different componants depending on the type.

Most policy packages would work on all types of policy, so installing in 
a policy type specific directory does not make sense for them.

>> If we put them on a single directory, it conflicts due to the name.
>
> I think /usr/share/selinux/packages is a hangover from when packaging
> modules in RPMs was first being considered. The draft guidelines (which
> are old but still relevant) suggest that mod_selinux is doing the right
> thing.
>
> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
>
> Paul.
>
Bottom line, is you can install them anywhere you want, I don't care. 
We were asked to allocate a directory for third parties to install their 
packages if they so choose.  Personally I always thought they should go 
into directories owned by the package

/usr/share/mod_selinux/MLS and /usr/share/mod_selinux/targeted for example.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list