When creating an SELinux policy to go with my package, I write a .fc file. However, the .fc file format does not seem amenable to relocatable RPMs.
Is there a recommendation for how to handle the relocation in policies? I wouldn't like to mandate a dependency on selinux-policy-devel.
Marko
Hi,
On 11/24/2015 10:27 AM, Marko Rauhamaa wrote:
When creating an SELinux policy to go with my package, I write a .fc file. However, the .fc file format does not seem amenable to relocatable RPMs.
I'm not sure what do you mean by "relocatable RPMs". Could you give some example?
Is there a recommendation for how to handle the relocation in policies? I wouldn't like to mandate a dependency on selinux-policy-devel.
Marko
selinux mailing list selinux@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Thank you.
Lukas Vrabec lvrabec@redhat.com:
On 11/24/2015 10:27 AM, Marko Rauhamaa wrote:
When creating an SELinux policy to go with my package, I write a .fc file. However, the .fc file format does not seem amenable to relocatable RPMs.
I'm not sure what do you mean by "relocatable RPMs". Could you give some example?
http://www.rpm.org/max-rpm/ch-rpm-reloc.html
Marko
You still need to compile it so you need to have a dependency on selinux-policy-devel. You could define labels using semanage in %post scripts if you want to avoid shipping of own policy.
selinux@lists.fedoraproject.org
-
Lukas Vrabec -
Marko Rauhamaa -
Miroslav Grepl