When you run "sepolicy generate" it generates files to define a policy. It also creates a <policy_name>.sh file that is supposed to help the user package the policy module into an RPM package. Unfortunately, in its current state the created script tries to do 2 things at once:

1. install the generated policy into the system
2. package the policy into an RPM package.

While #1 requires root powers (or more explicitly, administrative rights) to modify the system, #2 does not require such powers.

It would be nice if the installation and update parts were separated logically inside the created shell script: e.g. if the script is launched with "install" or "update" arguments it will demand root, but if it's executed with "package" - it will simply package the created policy module into an RPM package.
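
A sketch of the requested split, as an added example (not the script that sepolicy generates and not the reporter's code). MODULE, DRY_RUN and POLICY_UID are hypothetical names, and the make, semodule and rpmbuild invocations are assumed stand-ins for the generated script's build, install and packaging steps.

```shell
#!/bin/sh
# Added example: privilege-separated dispatcher for a generated policy script.
# MODULE, DRY_RUN and POLICY_UID are hypothetical names, not sepolicy output.
MODULE="${MODULE:-mymodule}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Effective uid; POLICY_UID lets the check be exercised without real root.
current_uid() { echo "${POLICY_UID:-$(id -u)}"; }

require_root() {
    if [ "$(current_uid)" -ne 0 ]; then
        echo "error: '$1' modifies the system policy and must run as root" >&2
        return 1
    fi
}

# Compiling the module only writes files in the working directory.
build_module() {
    run make -f /usr/share/selinux/devel/Makefile "${MODULE}.pp"
}

main() {
    case "${1:-}" in
        install|update)
            # Only these actions touch the loaded policy, so only they need root.
            require_root "$1" || return 1
            build_module && run semodule -i "${MODULE}.pp"
            ;;
        package)
            # Building the RPM only reads and writes files owned by the caller.
            build_module && run rpmbuild -ba "${MODULE}_selinux.spec"
            ;;
        *)
            echo "usage: $0 {install|update|package}" >&2
            return 2
            ;;
    esac
}

# Dispatch only when an action was given on the command line.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With DRY_RUN=1 the script prints the commands it would run, which makes it easy to confirm that "package" never reaches the semodule step.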