[Rpm-maint] [PATCH 12/19] Determine how policy should be installed based on SELinux state

James Antill james at fedoraproject.org
Fri Feb 5 17:39:27 UTC 2010


On Tue, 2010-02-02 at 15:25 -0500, Steve Lawrence wrote:
> The state of SELinux on a system changes how we install policy during
> the rpm transaction. For example, if the /etc/selinux directory structure
> hasn't been created, we can't install policy until a package creates the
> directory. This patch adds a function (rpmtsInitSELinux) which performs
> initialization and determines the state of SELinux on the system and what
> actions should be taken to install policy.
[...]
> +	/* initialize matchpathcon */
> +	if (!(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) {
> +		if (matchpathcon_init(selinux_file_context_path()) == -1) {
> +			rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
> +		}
> +	}
[...]
> -	char *fn = rpmGetPath("%{?_install_file_context_path}", NULL);
> -	if (matchpathcon_init(fn) == -1) {
> -	    rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
> -	}
> -	_free(fn);
[...]
> +    if (rpmtsInitSELinux(ts) != RPMRC_OK) {
> +       return -1;

 How is this the same? Is %_install_file_context_path always the same as
the default path?

[...]
> +#if WITH_SELINUX
> +    /* load policy and relabel files if policy was postponed */

 Can this bit be merged with the init code?



More information about the Rpm-maint mailing list