Ideally, these policies should be just a config file and selinux would manage it from there. Think systemd style. But I guess we live in an imperfect world.
Yeah I can agree with that, this…
We also need:
Requires(post): policycoreutils
So we have semodule which is required for the %selinux_modules_install macro do we not?
But it still feels wrong to have these…
So I've gone away and done a bunch of research. I think the approach Luna followed is right, the current method used by Cockpit is very fragile to a changing system. Looking at other instances…
Gotcha I can submit a new pr fixing those, are there any other changes needed or just that?
Upstream haven't no, but this was to fix bsc#1236057 also see CPT-126
In short the issue was that if Cockpit was installed on Tumbleweed and then later on you install or enable selinux, Cockpit…
