| 1 |
On Thu, Aug 21, 2014 at 10:42:21PM +0400, Jason Zaman wrote: |
| 2 |
> > Something like so (which we can do in the selinux-policy-2.eclass): |
| 3 |
> > |
| 4 |
> > pkg_postinst() { |
| 5 |
> > # Find all packages with this package in their RDEPEND |
| 6 |
> > PKGSET=$(equery -q depends ${CATEGORY}/${PN}) |
| 7 |
> > for PKG in ${PKGSET}; |
| 8 |
> > do |
| 9 |
> > rlpkg ${PKG}; |
| 10 |
> > done |
| 11 |
> > } |
| 12 |
> |
| 13 |
> This looks like it would work apart from the optional equery. What about |
| 14 |
> if the user does not want something relabelled after updating if they |
| 15 |
> have special circumstances? We might want a way to say don't touch this |
| 16 |
> package I'll do it myself. Alternatively the user would just have to set |
| 17 |
> it in semange fcontext and it'll be fine. |
| 18 |
|
| 19 |
Do you have a specific situation in mind? As far as I see, the relabeling is |
| 20 |
an almost mandatory step (even right now). What users can (and should) do if |
| 21 |
they don't want the default labels is to define their own labels and policy, |
| 22 |
and in those cases the relabeling operation (by rlpkg) will be correct |
| 23 |
anyway (as it uses the SELinux context definitions on the system). |
| 24 |
|
| 25 |
Wkr, |
| 26 |
Sven Vermeulen |
Archives