RPM to include SELinux information?
lists at alderfamily.org
Mon Nov 7 22:18:39 UTC 2011
I know this doesn't answer your question regarding spec file contents, and I see your issue. But you might want to check out the "semanage" command. "chcon" isn't going to persist if SELinux does a relabel (which happens regularly in some environments).
You might want to check out the section "5.7.2 Persistent Changes: semanage fcontext" here.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/pdf/Security-Enhanced_Linux/Red_Hat_Enterprise_Linux-6-Beta-Security-Enhanced_Linux-en-US.pdf
Steve Alder - RHCE
-----Original Message-----
From: redhat-sysadmin-list-bounces at redhat.com [mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Dmitry Makovey
Sent: Monday, November 07, 2011 15:59
To: redhat-sysadmin-list at redhat.com
Subject: RPM to include SELinux information?
Hi,
I'm trying to build an RPM that deploys an application into an SELinux environment; for it to work I need to label $application_dir with httpd_sys_content_t so that httpd can read it. What is the best approach to this? Adding
%postinst
chcon -t httpd_sys_content_t $application_dir
seems kind of hacky; are there any macros (like %attr) that could help? So far a quick look at Fedora and RH documents yielded no results. I may have missed something, though, so please let me know if I did.
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
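The persistent labelling that the reply points to ("semanage fcontext" instead of "chcon"), written as shell bodies for RPM scriptlets. This is an added example, not code from either poster. The install path /opt/myapp/htdocs, the function names and the RUN dry-run switch are assumptions made for illustration.

```shell
# Added example: shell bodies for the %post and %postun scriptlets of a spec file.
# APP_DIR is a hypothetical install path. RUN=echo gives a dry run that only
# prints the commands (useful on a build host without SELinux tooling).
APP_DIR="${APP_DIR:-/opt/myapp/htdocs}"
SETYPE="httpd_sys_content_t"
RUN="${RUN:-}"

# Regex covering the directory itself and everything beneath it.
fcontext_pattern() {
    printf '%s(/.*)?' "$1"
}

# %post body: record the rule in local policy, then apply it to files on disk.
label_install() {
    pattern=$(fcontext_pattern "$APP_DIR")
    # -a fails if the rule already exists (package upgrade); fall back to -m.
    $RUN semanage fcontext -a -t "$SETYPE" "$pattern" 2>/dev/null ||
        $RUN semanage fcontext -m -t "$SETYPE" "$pattern"
    # restorecon labels from policy, so a later full relabel keeps the type.
    $RUN restorecon -R "$APP_DIR"
}

# %postun body: $1 is the number of package instances left; 0 means full erase.
label_remove() {
    if [ "$1" -eq 0 ]; then
        # Drop the local rule only when the package is really gone.
        $RUN semanage fcontext -d "$(fcontext_pattern "$APP_DIR")"
    fi
}
```

In the spec file, %post would call label_install and %postun would call label_remove "$1"; the package also needs a Requires(post) on whatever provides semanage (policycoreutils-python on RHEL 6).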