I know this doesn't answer your question regarding spec file contents; and I see your issue. But you might want to check out the "semanage" command. "chcon" isn't going to persist if selinux does a relabel (which happens regularly in some environments).
You might want to check out the section "5.7.2 Persistent Changes: semanage fcontext" here.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/pdf/Security-Enhanced_Linux/Red_Hat_Enterprise_Linux-6-Beta-Security-Enhanced_Linux-en-US.pdf

Steve Alder - RHCE

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dmitry Makovey
Sent: Monday, November 07, 2011 15:59
To: [email protected]
Subject: RPM to include SELinux information?

Hi,

I'm trying to build RPM that deploys application into SELinux environment, for it to work I need to label $application_dir with httpd_sys_content_t so that httpd can read it. What is the best approach to this? Adding

%postinst
chcon -t httpd_sys_content_t $application_dir

seems kind of hacky, are there any macros (like %attr) that could help? So far quick look at fedora and RH documents yielded no results, I may have missed something though so please let me know if I did.

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen

When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330

--
redhat-sysadmin-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
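An added example, not part of the original thread or of any Red Hat package: shell helpers that an RPM's `%post` and `%postun` scriptlets could call to register the label with `semanage fcontext` and apply it with `restorecon`, so it survives a relabel, which a bare `chcon` does not. The path `/opt/myapp`, the `RUN` dry-run hook and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: helpers for RPM %post / %postun scriptlets.
# APP_DIR and the RUN dry-run hook are hypothetical names, not from the thread.
# The spec would also need the package that ships semanage as a
# Requires(post)/Requires(postun) (policycoreutils-python on RHEL 6).
APP_DIR="${APP_DIR:-/opt/myapp}"   # hypothetical install path
SE_TYPE="httpd_sys_content_t"      # type named in the thread
RUN="${RUN:-}"                     # RUN=echo prints commands instead of running them

# Regex matching the directory itself and everything beneath it.
fcontext_pattern() {
    printf '%s(/.*)?' "${1%/}"
}

# %post: $1 is 1 on first install, 2 or more on upgrade.
selinux_post() {
    pat=$(fcontext_pattern "$APP_DIR")
    # Record the rule in the local policy store so a relabel reapplies it.
    # -a can fail when the rule already exists (upgrade), so fall back to -m.
    $RUN semanage fcontext -a -t "$SE_TYPE" "$pat" 2>/dev/null ||
        $RUN semanage fcontext -m -t "$SE_TYPE" "$pat"
    # Apply the stored rule to the files the package just installed.
    $RUN restorecon -R "$APP_DIR"
}

# %postun: $1 is 0 on final erase; keep the rule during upgrades.
selinux_postun() {
    [ "${1:-0}" -eq 0 ] || return 0
    $RUN semanage fcontext -d "$(fcontext_pattern "$APP_DIR")"
}

# Script entry point: "label.sh post 1" or "label.sh postun 0".
case "${1:-}" in
    post)   selinux_post "${2:-1}" ;;
    postun) selinux_postun "${2:-0}" ;;
esac
```

Running with `RUN=echo` shows the exact commands without touching the policy store, which is useful when reviewing a spec file before building it.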
