1 |
On Thu, Aug 21, 2014 at 10:42:21PM +0400, Jason Zaman wrote: |
2 |
> > Something like so (which we can do in the selinux-policy-2.eclass): |
3 |
> > |
4 |
> > pkg_postinst() { |
5 |
> > # Find all packages with this package in their RDEPEND |
6 |
> > PKGSET=$(equery -q depends ${CATEGORY}/${PN}) |
7 |
> > for PKG in ${PKGSET}; |
8 |
> > do |
9 |
> > rlpkg ${PKG}; |
10 |
> > done |
11 |
> > } |
12 |
> |
13 |
> This looks like it would work apart from the optional equery. What about |
14 |
> if the user does not want something relabelled after updating if they |
15 |
> have special circumstances? We might want a way to say don't touch this |
16 |
> package I'll do it myself. Alternatively the user would just have to set |
17 |
> it in semange fcontext and it'll be fine. |
18 |
|
19 |
Do you have a specific situation in mind? As far as I see, the relabeling is |
20 |
an almost mandatory step (even right now). What users can (and should) do if |
21 |
they don't want the default labels is to define their own labels and policy, |
22 |
and in those cases the relabeling operation (by rlpkg) will be correct |
23 |
anyway (as it uses the SELinux context definitions on the system). |
24 |
|
25 |
Wkr, |
26 |
Sven Vermeulen |