Ideally, these policies should be just a config file and selinux would manage it from there. Think systemd style. But I guess we live in an imperfect world.
Yeah I can agree with that, this…
We also need:
Requires(post): policycoreutils
So we have semodule which is required for the %selinux_modules_install macro do we not?
But it still feels wrong to have these…
So I've gone away and done a bunch of research. I think the approach Luna followed is right, the current method used by Cockpit is very fragile to a changing system. Looking at other instances…
Gotcha I can submit a new pr fixing those, are there any other changes needed or just that?
Upstream haven't no, but this was to fix bsc#1236057 also see CPT-126
In short the issue was that if Cockpit was installed on Tumbleweed and then later on you install or enable selinux, Cockpit…
Okay cool, thanks! I'm fine for this to be merged then whenever you get a sec