On Thu, 2006-06-29 at 20:11 -0700, Jens Petersen wrote:
Author: petersen
Update of /cvs/extras/rpms/haddock/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16242
Modified Files:
haddock.spec
Log Message:
- set selinux unconfined_execmem_exec_t context to allow running under
targeted policy (#195821)
Index: haddock.spec
===================================================================
RCS file: /cvs/extras/rpms/haddock/devel/haddock.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- haddock.spec 29 Jun 2006 12:23:45 -0000 1.2
+++ haddock.spec 30 Jun 2006 03:11:26 -0000 1.3
@@ -10,6 +10,8 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: ghc libxslt docbook-style-xsl
+# need chcon
+PreReq: coreutils
%description
Haddock is a tool for automatically generating hyperlinked documentation from
@@ -53,6 +55,11 @@
%clean
rm -rf ${RPM_BUILD_ROOT}
+
+%post
+/usr/bin/chcon -t unconfined_execmem_exec_t %{_libexecdir}/haddock.bin >/dev/null
2>&1 || :
I think, we should implement a policy to make
* Requires(pre|post)
mandatory instead of PreReq
* To make file deps on tools being used in %pre|post scripts mandatory.
Ralf