<div dir="ltr">On Fri, Sep 20, 2013 at 9:24 AM, Steve Magnani <span dir="ltr"><<a href="mailto:user.serviceable@gmail.com" target="_blank">user.serviceable@gmail.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Fri, 2013-09-20 at 08:15 -0500, Richard Shaw wrote:<br>
> On Fri, Sep 20, 2013 at 8:03 AM, Steve Magnani<br>
> <<a href="mailto:user.serviceable@gmail.com">user.serviceable@gmail.com</a>> wrote:<br>
> Is it possible to incorporate the chcon/semanage steps of<br>
> <a href="http://www.mythtv.org/wiki/Installing_MythTV_on_Fedora#SELinux" target="_blank">http://www.mythtv.org/wiki/Installing_MythTV_on_Fedora#SELinux</a><br>
><br>
> ..as postinstall steps for mythweb? I end up having to do<br>
> these manually<br>
> every time I install a new mythweb RPM.<br>
><br>
><br>
> I have to be very careful here. The last two lines shouldn't be a<br>
> problem because I can undo that on uninstall and they're specific to<br>
> mythweb. The first two lines I'm uncomfortable with because I can make<br>
> sure the boolean is enabled upon install, but I have no way of knowing<br>
> if I should turn them off upon uninstall because the user could have<br>
> other things installed that require it to be enabled.<br>
<br>
</div></div>Agreed, I don't think it's appropriate to call setsebool. What would be<br>
nice is to print a warning if SELinux is enforcing (maybe permissive,<br>
too) and those booleans aren't set compatibly for mythweb.<br></blockquote><div><br></div><div>I can look at echoing something but only people who install from command line will see it.</div><div><br></div><div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I didn't know if Fedora had packaging guidelines regarding SELinux, or<br>
how tricky it would be to manage installation differences between<br>
systems where SELinux is enforcing / permissive / disabled / not<br>
available at all (although maybe the last is not a reasonable Fedora<br>
scenario?)</blockquote><div><br></div><div>I've done some searching and have only found draft guidelines so they aren't fully adopted. Just setting the contexts shouldn't be a problem, the scripts are setup to not exit with an error even if they fail (if selinux is installed, it succeeds, if not, the error is ignored). </div>
<div><br></div><div>Richard </div></div></div></div>