[DSE-Dev] ltp package in Debian

Riku Voipio riku.voipio at iki.fi
Thu Feb 5 12:42:52 UTC 2009 

On Thu, Feb 05, 2009 at 10:50:07AM -0000, Jiri Palecek wrote:
>>> 1. I was considering packaging selinux-tests. However, there is a 
>>> line  in
>>> makefile calling

>>>    chcon -t test_t some-files

>> At least in Ubuntu, chcon is provided by coreutils.

>>>    or something like that. I don't know now if the tests depend on 
>>> this  and
>>> will investigate it, but if it (likely) does, is there some way of
>>> packaging that? AFAIK, this will fail on any machine w/o selinux and  
>>> will
>>> not go through tar.

>> Right, I'm pretty sure you'd need star to preserve SELinux file security
>> contexts.

>> I would think that selinux-tests should only be installable on a system
>> running SELinux.

> Yes, but they should be buildable and packageable everywhere. Perhaps I should postpone changing this security context to postinst script and PreDepend on something from selinux?

Perhaps someone at the selinux-devel mailing list has an idea? My
(admittedly very limited) knowledge of selinux is that packages should
not use chcon to pre-set their security context (does tar even support
keeping selinux context?). Rather packages should(?) ship a policy file
(/usr/share/selinux/foo/bar.pp).

>>> 3. There's this file conflict with package pan, over pan(1) manpage. I'm
>>> considering two options:
>>>     - rename the file to something like pan-ltp.1 in the /usr/share/man
>>> hierarchy
>>>     - move the file from the /usr/share/man hierarchy to /usr/share/doc,
>>> since the pan program isn't in /usr/bin either
>>>
>>>    I'm favoring the former option. What do you think?
>>
>> Yes, definitely the former option.  I would recommend "pan.1ltp".  See,
>> for example open.3posix, open.3perl, open.3tcl.
> I considered that too, but wouldn't that be a violation of the Policy?

It's widely used practice and lintian doesn't complain about it. Lintian
even appears to explictly support it be requiring that foo.3bar.gz to be
located in man3/ dir.

-- 
"rm -rf" only sounds scary if you don't have backups

More information about the SELinux-devel mailing list