On 30/11/10 08:38, Toshio Kuratomi wrote:
> On Tue, Nov 30, 2010 at 03:11:43AM -0500, Akira TAGOH wrote:
>> | 2) The act of installing the rpm should create the necessary directories.
>> | Alternately, the program (or as you say, the init script) can create the
>> | necessary directories. Note that I don't believe that systemd gives you the
>> | flexibility to do that sort of thing (there's no "script" in its init stuff)
>> | so you'd need a wrapper script for the program itself or write a patch to
>> | the program itself to achieve this where the program doesn't create the
>> | directory already and if we don't do this from within the rpm payload.
>>
>> To get this working on SELinux, are we presuming that restorecond is running
>> on the system or does the package maintainer need to take care of running
>> restorecon manually in the script or the program?
>>
> I thought Lennart mentioned something about selinux and tmpfiles.d defined
> directories but I could be misremembering.

Files/directories created as a result of tmpfiles.d entries will have the correct SELinux contexts. Files/directories created by an initscript will probably need to have restorecon run on them to set the correct context (which of course can be done in the initscript). Files/directories created at startup by a daemon may or may not have the correct SELinux contexts depending on whether the necessary transition rules are in the policy. If they're not set correctly, it would be a good idea to raise a bug on selinux-policy to address that.

Paul.
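
The initscript case described in the reply above, as an added example that is not part of the original thread or of any Fedora package: a helper an initscript could call to create its runtime directory and then run restorecon on it. The daemon name `exampled`, its path and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; "exampled" and /var/run/exampled are hypothetical names.
# The tmpfiles.d equivalent would be a single line such as
#   d /var/run/exampled 0750 root root -
# and, as the reply notes, directories created that way already carry the
# correct SELinux context, so no restorecon call is needed for them.

# Return 0 only when the SELinux tools exist and SELinux is enabled.
selinux_active() {
    command -v selinuxenabled >/dev/null 2>&1 &&
    command -v restorecon >/dev/null 2>&1 &&
    selinuxenabled
}

# ensure_runtime_dir DIR MODE
# Create DIR as an initscript would, then reset its label to the policy
# default. Returns 2 on bad arguments, 1 on any failure, 0 on success.
ensure_runtime_dir() {
    dir=$1
    mode=$2
    [ -n "$dir" ] && [ -n "$mode" ] || return 2

    # Refuse a symlink at the target path: mkdir -p would follow it and
    # chmod/restorecon would then act on whatever it points to.
    if [ -L "$dir" ]; then
        echo "refusing to use symlink: $dir" >&2
        return 1
    fi

    mkdir -p -- "$dir" || return 1
    chmod -- "$mode" "$dir" || return 1

    # A directory created by a script gets a context derived from the
    # script's domain and the parent directory, which is not necessarily the
    # one the policy's file contexts specify; restorecon applies that default.
    if selinux_active; then
        restorecon -R "$dir" || return 1
    fi
    return 0
}

# Typical call from the start) branch of an initscript:
#   ensure_runtime_dir /var/run/exampled 0750 || exit 1
```

On a system without SELinux tooling the relabel step is skipped, so the same initscript works on both kinds of host.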