rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Ensure targeted policy is installed by default

Browse Source 
When installing [a package requiring] selinux-policy/-base/
rpm-plugin-selinux, selinux-policy-minimum is always chosen (based on
alphabetical order). This is not desirable and we'd like -targeted to be
picked as the default choice.

Since selinux-policy and selinux-policy-base are glued together because
of rpm-plugins-selinux, just have selinu-policy provide
selinux-policy-base, use a new metapackage selinux-policy-any to
represent "any of -targeted, -mls, or -minimum", and have selinux-policy
require -any.

Then adding "Suggests: selinux-policy-targeted" to selinux-policy has
the effect that -targeted is picked by default when any of
selinux-policy/-base/rpm-plugin-selinux is installed via "dnf install"
on a clean system.

This patch combines the ideas of Petr Lautrbach, Vit Mojzis, and myself.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
This commit is contained in:
Ondrej Mosnacek 2020-09-30 10:00:25 +02:00 committed by zpytela
parent e042be0581
commit 4d9a7e555f
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
selinux-policy.spec
View File

@ -75,6 +75,9 @@ BuildRequires: gcc
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(post): /bin/awk /usr/bin/sha512sum Requires(post): /bin/awk /usr/bin/sha512sum
Requires: rpm-plugin-selinux Requires: rpm-plugin-selinux
Requires: selinux-policy-any = %{version}-%{release}
Provides: selinux-policy-base = %{version}-%{release}
Suggests: selinux-policy-targeted
%description %description
SELinux Base package for SELinux Reference Policy - modular. SELinux Base package for SELinux Reference Policy - modular.
@ -543,7 +546,7 @@ exit 0
%if %{BUILD_TARGETED} %if %{BUILD_TARGETED}
%package targeted %package targeted
Summary: SELinux targeted base policy Summary: SELinux targeted base policy
Provides: selinux-policy-base = %{version}-%{release} Provides: selinux-policy-any = %{version}-%{release}
Obsoletes: selinux-policy-targeted-sources < 2 Obsoletes: selinux-policy-targeted-sources < 2
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils Requires(pre): coreutils
@ -629,7 +632,7 @@ exit 0
%if %{BUILD_MINIMUM} %if %{BUILD_MINIMUM}
%package minimum %package minimum
Summary: SELinux minimum base policy Summary: SELinux minimum base policy
Provides: selinux-policy-base = %{version}-%{release} Provides: selinux-policy-any = %{version}-%{release}
Requires(post): policycoreutils-python-utils >= %{POLICYCOREUTILSVER} Requires(post): policycoreutils-python-utils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release} Requires(pre): selinux-policy = %{version}-%{release}
@ -731,7 +734,7 @@ exit 0
%if %{BUILD_MLS} %if %{BUILD_MLS}
%package mls %package mls
Summary: SELinux mls base policy Summary: SELinux mls base policy
Provides: selinux-policy-base = %{version}-%{release} Provides: selinux-policy-any = %{version}-%{release}
Obsoletes: selinux-policy-mls-sources < 2 Obsoletes: selinux-policy-mls-sources < 2
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}