On February 3, 2012 09:41:07 Paul Howarth wrote:
You could actually include pre-built modules with the necessary
policy
in your packages, e.g. as described in:
http://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft
didn't notice that document before - thanks for the reference.
So if package A and package B both have policy allowing something
(rather than messing with a boolean), removing one of those packages and
its policy module will still leave the other's policy module present and
hence it will still be able to do what it needed to do.
In other words - I did suspect that modules is the closest thing that complies
with the above (aside from meta-packages that only have %post sections
populated with "semanage" statements)
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330