[DSE-Dev] debian-policy: Document in the policy the way to properly set selinux labels on files and directories

[Jonathan Nieder]

Hi,

Laurent Bigonville wrote:

>   A maintainer script can for example call the restorecon(8) executable
>   to achieve this:
>     [ -x /sbin/restorecon ] && /sbin/restorecon $myfile

Should I do this for all files I create in maintainer scripts, or only
those that someone who knows things :) has told me need it?

Likewise, at runtime should I be doing this for files I create, or
only for some subset of files?

Curious,
Jonathan