Closed drahnr closed 3 years ago
There seems an issue with the PR, my commits landed on top of yours which is not good from a git history perspective. You can fix this by removing them and then doing a rebase on top of the master branch.
Also: Can you split this PR into two please? The first one for all the small code improvements, fixed spelling errors and dependency updates. And the other one for the actual feature. I think we can merge the first one very soon since it looks good to me at a first glance.
Other then that, this seems a good starting point though.
There seems an issue with the PR, my commits landed on top of yours which is not good from a git history perspective. You can fix this by removing them and then doing a rebase on top of the master branch.
It's still a draft ;) (done :ballot_box_with_check: )
Also: Can you split this PR into two please? The first one for all the small code improvements, fixed spelling errors and dependency updates. And the other one for the actual feature. I think we can merge the first one very soon since it looks good to me at a first glance.
Done, see #21
Package spec ref as an anchorpoint for creating an RPM with policy file, https://src.fedoraproject.org/rpms/memcached/blob/6e70f59bdad0ba4cc1a1a7e5abc237d2e2f1c13a/f/memcached.spec - not sure if the policies are actually stored in the header files anymore.
maybe you can ask on the fedora mailing list if this is (or ever was) a common practice to store SELinux policies in RPM headers directly. I've personally never seen a RPM with an encoded SELinux policy to be honest. It would be interesting to get some insight from upstream.
It seems the support is there and specified, but nobody is using it - it's not used when installed, so it would be a mere "it's impl'd" case rather than a "it's useful case".
See https://github.com/rpm-software-management/rpm/issues/1319#issuecomment-673392751
Ah thanks for taking this upstream.
The partial support is a leftover from attempted policy support, which might some day be reimplemented in a different way, but there are no actual plans to do so.
Maybe we should drop this feature then since it might give the false impression to users that this might actually work or even be best practice.
A WIP attempt to support selinux policy files.
Will eventually close #18