From Fedora Project Wiki
(? Recommend: foo-selinux) |
(updating my own questions) |
||
Line 3: | Line 3: | ||
* can the reasons for %defattr 755 be explained? | * can the reasons for %defattr 755 be explained? | ||
* what if one package aims foo-selinux wants to generate foo-selinux-targeted and foo-selinux-mls? (e.g. see copr-selinux) | * what if one package aims foo-selinux wants to generate foo-selinux-targeted and foo-selinux-mls? (e.g. see copr-selinux) '''answer: all the %selinux_* macros provide -s option''' | ||
* shouldn't the | * shouldn't we move %selinux_relabel_post to %post (instead of %posttrans) or move the %selinux_relabel_pre into %pretrans? The former is much more scalable, but probably a lot more optimal. | ||
* should packages Recommend/Require the 'foo-selinux' packages? (consider selinux is enforcing, and people install foo-bar package, but forgot to install foo-selinux) | * should packages Recommend/Require the 'foo-selinux' packages? (consider selinux is enforcing, and people install foo-bar package, but forgot to install foo-selinux), edit: I do think that we should use `Requires: (foo-selinux-targeted if selinux-policy-targeted)`, WDYT? | ||
== policy to sync with global selinux policy? == | == policy to sync with global selinux policy? == | ||
Revision as of 07:40, 25 September 2018
general questions
- can the reasons for %defattr 755 be explained?
- what if one package aims foo-selinux wants to generate foo-selinux-targeted and foo-selinux-mls? (e.g. see copr-selinux) answer: all the %selinux_* macros provide -s option
- shouldn't we move %selinux_relabel_post to %post (instead of %posttrans) or move the %selinux_relabel_pre into %pretrans? The former is much more scalable, but probably a lot more optimal.
- should packages Recommend/Require the 'foo-selinux' packages? (consider selinux is enforcing, and people install foo-bar package, but forgot to install foo-selinux), edit: I do think that we should use
Requires: (foo-selinux-targeted if selinux-policy-targeted)
, WDYT?
policy to sync with global selinux policy?
- do we have to maintain all the
.fc
paths, also related to e.g. debian (as is done in selinux-policy-targeted) - if something changes in say mysql-selinux, do we have to backport it to selinux-policy-targeted upstream?
- should we maintain paths for SCLs? Or should each SCL have it's own '*-selinux' package with custom paths?
- should there be e.g. separated policy for mariadb vs. mysql?