How to find SELinux policy type?

How to find SELinux policy type?

[James Morris]

Is there a programmatic way to determine the type of SELinux policy 
configured on a system? (e.g. "targeted")

I've looked in the SELinux userspace and SETools repositories but not 
found a library call to do this.


- James
-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: How to find SELinux policy type?

[Mike Sweetser - Adhost]

James,

The following command set should give you what you want:

grep '^SELINUXTYPE' /etc/selinux/config | awk '{split($0,a,"="); print
a[2];}'

When run against my targeted setup on RHEL 5.2, it gave me back
"targeted".

--------------------------
Mike Sweetser | Systems Administrator

Adhost Internet
140 Fourth Avenue North, Suite 360, Seattle, Washington 98109 USA
P 206.404.9000    T 888.234.6781 (ADHOST-1)    F 206.404.9050
E mikesw@adhost.com    W adhost.com

Our brand new Adhost West data center is open - contact us for a tour at
1-888-234-6781 (ADHOST-1)


-----Original Message-----
From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
On Behalf Of James Morris
Sent: Tuesday, September 23, 2008 4:13 PM
To: selinux@tycho.nsa.gov
Subject: How to find SELinux policy type?

Is there a programmatic way to determine the type of SELinux policy 
configured on a system? (e.g. "targeted")

I've looked in the SELinux userspace and SETools repositories but not 
found a library call to do this.


- James
-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[KaiGai Kohei]

James Morris wrote:
> Is there a programmatic way to determine the type of SELinux policy 
> configured on a system? (e.g. "targeted")
> 
> I've looked in the SELinux userspace and SETools repositories but not 
> found a library call to do this.

I also want to know the way to obtain the list of policy types,
because it is necessary to make a specfile which provides policy
modules.

Thanks
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Paul Howarth]

On Tue, 23 Sep 2008 16:32:16 -0700
"Mike Sweetser - Adhost" <mikesw@adhost.com> wrote:

> James,
> 
> The following command set should give you what you want:
> 
> grep '^SELINUXTYPE' /etc/selinux/config | awk '{split($0,a,"="); print
> a[2];}'
> 
> When run against my targeted setup on RHEL 5.2, it gave me back
> "targeted".

There's also the "sestatus" command:

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

Paul.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[KaiGai Kohei]

Paul Howarth wrote:
> On Tue, 23 Sep 2008 16:32:16 -0700
> "Mike Sweetser - Adhost" <mikesw@adhost.com> wrote:
> 
>> James,
>>
>> The following command set should give you what you want:
>>
>> grep '^SELINUXTYPE' /etc/selinux/config | awk '{split($0,a,"="); print
>> a[2];}'
>>
>> When run against my targeted setup on RHEL 5.2, it gave me back
>> "targeted".
> 
> There's also the "sestatus" command:
> 
> # sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /selinux
> Current mode:                   enforcing
> Mode from config file:          enforcing
> Policy version:                 21
> Policy from config file:        targeted
> 
> Paul.

selinux_getpolicytype() is available to obtain the current policy type.
(It paerses /etc/selinux/config.)

But, there is no reasonable way to obtain the list of policy types.
Perhaps, I misunderstood the matter. :-)

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[James Morris]

On Wed, 24 Sep 2008, KaiGai Kohei wrote:

> selinux_getpolicytype() is available to obtain the current policy type.
> (It paerses /etc/selinux/config.)

That's what I was looking for, thanks.


-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Sweetser - Adhost wrote:
> James,
> 
> The following command set should give you what you want:
> 
> grep '^SELINUXTYPE' /etc/selinux/config | awk '{split($0,a,"="); print
> a[2];}'
> 
> When run against my targeted setup on RHEL 5.2, it gave me back
> "targeted".
> 
> --------------------------
> Mike Sweetser | Systems Administrator
> 
> Adhost Internet
> 140 Fourth Avenue North, Suite 360, Seattle, Washington 98109 USA
> P 206.404.9000    T 888.234.6781 (ADHOST-1)    F 206.404.9050
> E mikesw@adhost.com    W adhost.com
> 
> Our brand new Adhost West data center is open - contact us for a tour at
> 1-888-234-6781 (ADHOST-1)
> 
> 
> -----Original Message-----
> From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
> On Behalf Of James Morris
> Sent: Tuesday, September 23, 2008 4:13 PM
> To: selinux@tycho.nsa.gov
> Subject: How to find SELinux policy type?
> 
> Is there a programmatic way to determine the type of SELinux policy 
> configured on a system? (e.g. "targeted")
> 
> I've looked in the SELinux userspace and SETools repositories but not 
> found a library call to do this.
> 
> 
> - James
selinux_getpolicytype()

No Man page.

python -c "import selinux; print selinux.selinux_getpolicytype()"
[0, 'targeted']

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjaJAQACgkQrlYvE4MpobO+YgCgjCHmaHYdrgeOs0gnrpMPUsU7
3BUAmwdc99Nxbk8r7ZNemgbCIQ93RSG9
=YhtH
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

KaiGai Kohei wrote:
> James Morris wrote:
>> Is there a programmatic way to determine the type of SELinux policy
>> configured on a system? (e.g. "targeted")
>>
>> I've looked in the SELinux userspace and SETools repositories but not
>> found a library call to do this.
> 
> I also want to know the way to obtain the list of policy types,
> because it is necessary to make a specfile which provides policy
> modules.
> 
> Thanks
There is no list of policy types since anyone can make up a new policy
type.  The convention used within system-config-selinux is to list the
directory names under /etc/selinux/.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjaOhkACgkQrlYvE4MpobMFiACfbt6gs0dVCDTRgMH2DqgbAmUJ
l7YAoNBOUnViBZkEMnOdemkcJclbMXEw
=pjX3
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Justin P. Mattock]

Have you tried issueing the command
Sestatus -vv
Should give you the name of the policy

justin P. Mattock



On Sep 24, 2008, at 6:01 AM, Daniel J Walsh <dwalsh@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> KaiGai Kohei wrote:
>> James Morris wrote:
>>> Is there a programmatic way to determine the type of SELinux policy
>>> configured on a system? (e.g. "targeted")
>>>
>>> I've looked in the SELinux userspace and SETools repositories but  
>>> not
>>> found a library call to do this.
>>
>> I also want to know the way to obtain the list of policy types,
>> because it is necessary to make a specfile which provides policy
>> modules.
>>
>> Thanks
> There is no list of policy types since anyone can make up a new policy
> type.  The convention used within system-config-selinux is to list the
> directory names under /etc/selinux/.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkjaOhkACgkQrlYvE4MpobMFiACfbt6gs0dVCDTRgMH2DqgbAmUJ
> l7YAoNBOUnViBZkEMnOdemkcJclbMXEw
> =pjX3
> -----END PGP SIGNATURE-----
>
> --
> This message was distributed to subscribers of the selinux mailing  
> list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov 
>  with
> the words "unsubscribe selinux" without quotes as the message.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 711 bytes --]

On Wed, 24 Sep 2008 09:18:16 +0900, KaiGai Kohei said:
> James Morris wrote:
> > Is there a programmatic way to determine the type of SELinux policy 
> > configured on a system? (e.g. "targeted")
> > 
> > I've looked in the SELinux userspace and SETools repositories but not 
> > found a library call to do this.
> 
> I also want to know the way to obtain the list of policy types,
> because it is necessary to make a specfile which provides policy
> modules.

There be dragons here. :)

Keep in mind that the list of available policies on the machine that you
create an RPM spec file and do the 'rpmbuild' may differ from the actual
install environment.  So keep straight your Requires: and Build-Requires: ;)

[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: How to find SELinux policy type?

[KaiGai Kohei]

Valdis.Kletnieks@vt.edu wrote:
> On Wed, 24 Sep 2008 09:18:16 +0900, KaiGai Kohei said:
>> James Morris wrote:
>>> Is there a programmatic way to determine the type of SELinux policy 
>>> configured on a system? (e.g. "targeted")
>>>
>>> I've looked in the SELinux userspace and SETools repositories but not 
>>> found a library call to do this.
>> I also want to know the way to obtain the list of policy types,
>> because it is necessary to make a specfile which provides policy
>> modules.
> 
> There be dragons here. :)
> 
> Keep in mind that the list of available policies on the machine that you
> create an RPM spec file and do the 'rpmbuild' may differ from the actual
> install environment.  So keep straight your Requires: and Build-Requires: ;)

Don't worry. I actually maintain the specfile of sepostgresql package
that provides its security policy modules. :)
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Dominick Grift]

[-- Attachment #1: Type: text/plain, Size: 327 bytes --]

On Fri, 2008-09-26 at 12:50 +0900, KaiGai Kohei wrote:

> Don't worry. I actually maintain the specfile of sepostgresql package
> that provides its security policy modules. :)

Can you have a look at this
please:https://bugzilla.redhat.com/show_bug.cgi?id=463906
thanks




-- 
Dominick Grift <domg472@gmail.com>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: How to find SELinux policy type?

[KaiGai Kohei]

Dominick Grift wrote:
> On Fri, 2008-09-26 at 12:50 +0900, KaiGai Kohei wrote:
> 
>> Don't worry. I actually maintain the specfile of sepostgresql package
>> that provides its security policy modules. :)
> 
> Can you have a look at this
> please:https://bugzilla.redhat.com/show_bug.cgi?id=463906
> thanks

Oops, :(

Was the sepostgresql related policy backported to F9 selinux-policy?
Thanks for your notification, I'll fix soon.
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[Dominick Grift]

[-- Attachment #1: Type: text/plain, Size: 379 bytes --]

On Fri, 2008-09-26 at 19:25 +0900, KaiGai Kohei wrote:

> 
> Was the sepostgresql related policy backported to F9 selinux-policy?

Not sure about that. I know that i have selinux-policy installed plus
sepostgresql for f9.

sepostgresql-8.3.3-2.869.fc9.x86_64
sepostgresql 2.869
selinux-policy-3.3.1-94.fc9.noarch.rpm

Thanks
-- 
Dominick Grift <domg472@gmail.com>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: How to find SELinux policy type?

[KaiGai Kohei]

Dominick Grift wrote:
> On Fri, 2008-09-26 at 19:25 +0900, KaiGai Kohei wrote:
> 
>> Was the sepostgresql related policy backported to F9 selinux-policy?
> 
> Not sure about that. I know that i have selinux-policy installed plus
> sepostgresql for f9.
> 
> sepostgresql-8.3.3-2.869.fc9.x86_64
> sepostgresql 2.869
> selinux-policy-3.3.1-94.fc9.noarch.rpm
> 
> Thanks

Dan,

Could you add the following policy into F9 updates?
It is already merged into upstream policy, but I cannot find it
at selinux-policy-3.3.1-91.

--- at modules/system/libraries.te ---
optional_policy(`
        postgresql_loadable_module(lib_t)
        postgresql_loadable_module(textrel_shlib_t)
')
--------------------------------------

Lack of this policy prevents database initialization.

$ cat /var/lib/sepgsql/pgstartup.log
              :
creating template1 database in /var/lib/sepgsql/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating conversions ... FATAL:  SELinux: denied { install_module } scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=db_database name=/usr/lib/pgsql/ascii_and_mic.so
STATEMENT:  CREATE OR REPLACE FUNCTION ascii_to_mic (INTEGER, INTEGER, CSTRING, INTERNAL, INTEGER) RETURNS VOID AS '$libdir/ascii_and_mic', 'ascii_to_mic' LANGUAGE C STRICT;

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: How to find SELinux policy type?

[KaiGai Kohei]

[-- Attachment #1: Type: text/plain, Size: 706 bytes --]

> Dan,
> 
> Could you add the following policy into F9 updates?
> It is already merged into upstream policy, but I cannot find it
> at selinux-policy-3.3.1-91.
> 
> --- at modules/system/libraries.te ---
> optional_policy(`
>         postgresql_loadable_module(lib_t)
>         postgresql_loadable_module(textrel_shlib_t)
> ')
> --------------------------------------

Thanks, I confirmed it is fixed at selinux-policy-3.3.1-95.fc9.

But what I pointed out is incomplete. :(
Could you apply the attached patch towards the 3.3.1 series policy?
It allows userdomains and httpd_t to connect SE-PostgreSQL.
(No need to say, it compatible to upstream refpolicy.)

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

[-- Attachment #2: serefpolicy-sepostgresql-fix-3.3.1.patch --]
[-- Type: application/octect-stream, Size: 2490 bytes --]

sepostgresql.pp conflicts on F9 (Re: How to find SELinux policy type?)

[KaiGai Kohei]

Dominick,

Show the package:
  http://koji.fedoraproject.org/koji/buildinfo?buildID=64748

It will be able to help your matter.

BTW, I could not describe its dependency well.
Please tell me, if someone knows the way to describe "Require" section well.

Require: selinux-policy >= 3.3.1-96
                                ^^^
The rpmbuild made an error because it contains %{Release} part,
so I omit it like "Require: selinux-policy >= 3.3.1".
Of cource, it is not a correct description.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: sepostgresql.pp conflicts on F9 (Re: How to find SELinux policy type?)

[Dominick Grift]

[-- Attachment #1: Type: text/plain, Size: 1670 bytes --]

On Tue, 2008-09-30 at 13:19 +0900, KaiGai Kohei wrote:
> Dominick,
> 
> Show the package:
>   http://koji.fedoraproject.org/koji/buildinfo?buildID=64748
> 
> It will be able to help your matter.

hello

sh-3.2# rpm -Uvh sepostgresql-8.3.4-2.1067.fc9.x86_64.rpm
error: Failed dependencies:
postgresql-server = 8.3.4 is needed by
sepostgresql-8.3.4-2.1067.fc9.x86_64

sh-3.2# rpm -qa | grep postgresql-server
postgresql-server-8.3.3-2.fc9.x86_64

sepostgresql-8.3.3-2.869.fc9.x86_64 from installed has depsolving
problems
  --> Missing Dependency: postgresql-server = 8.3.3 is needed by package
sepostgresql-8.3.3-2.869.fc9.x86_64 (installed)
Error: Missing Dependency: postgresql-server = 8.3.3 is needed by
package sepostgresql-8.3.3-2.869.fc9.x86_64 (installed)

sh-3.2# cd selinux-policy-3.5.6-2.fc10.src
sh-3.2# grep -i require selinux-policy.spec
BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4
policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >=
2.0.14-3
Requires: checkpolicy >= %{CHECKPOLICYVER} m4 
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}

I hope this helps.
Thanks

-- 
Dominick Grift <domg472@gmail.com>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: sepostgresql.pp conflicts on F9 (Re: How to find SELinux policy type?)

[KaiGai Kohei]

Dominick Grift wrote:
> On Tue, 2008-09-30 at 13:19 +0900, KaiGai Kohei wrote:
>> Dominick,
>>
>> Show the package:
>>   http://koji.fedoraproject.org/koji/buildinfo?buildID=64748
>>
>> It will be able to help your matter.
> 
> hello
> 
> sh-3.2# rpm -Uvh sepostgresql-8.3.4-2.1067.fc9.x86_64.rpm
> error: Failed dependencies:
> postgresql-server = 8.3.4 is needed by
> sepostgresql-8.3.4-2.1067.fc9.x86_64

It will be released soon, but not uploaded to Fedora 9 updates repository yet.
You can obtain the latest updates package from:
  http://koji.fedoraproject.org/koji/buildinfo?buildID=64273

In addition, it requires selinux-3.3.1-96.fc9 packages from:
  http://koji.fedoraproject.org/koji/buildinfo?buildID=64649
(But I don't know whether Dan want to push it to Fedora9 updates, or not.)

If you cannot wait for several days, plese obtain these packages by hand,
and apply them as follows:
  # rpm -Uvh sepostgresql-8.3.4-2.1067.fc9.x86_64.rpm   \
             postgresql-*8.3.4-1.fc9.x86_64.rpm         \
             selinux-policy-*3.3.1-96.fc9.noarch.rpm

BTW, there are no actual problem to mix postgresql-server-8.3.3 and
sepostgresql-8.3.4, because they has same major version number (8.3.x).
However, specfile of RPM does not allow to write a dependency to a part
of version number like "Requires: postgresql-server-8.3.*".
If someone knows the way to describe it cool, please tell me.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: sepostgresql.pp conflicts on F9 (Re: How to find SELinux policy type?)

[Paul Howarth]

KaiGai Kohei wrote:
> Dominick Grift wrote:
>> On Tue, 2008-09-30 at 13:19 +0900, KaiGai Kohei wrote:
>>> Dominick,
>>>
>>> Show the package:
>>>   http://koji.fedoraproject.org/koji/buildinfo?buildID=64748
>>>
>>> It will be able to help your matter.
>> hello
>>
>> sh-3.2# rpm -Uvh sepostgresql-8.3.4-2.1067.fc9.x86_64.rpm
>> error: Failed dependencies:
>> postgresql-server = 8.3.4 is needed by
>> sepostgresql-8.3.4-2.1067.fc9.x86_64
> 
> It will be released soon, but not uploaded to Fedora 9 updates repository yet.
> You can obtain the latest updates package from:
>   http://koji.fedoraproject.org/koji/buildinfo?buildID=64273
> 
> In addition, it requires selinux-3.3.1-96.fc9 packages from:
>   http://koji.fedoraproject.org/koji/buildinfo?buildID=64649
> (But I don't know whether Dan want to push it to Fedora9 updates, or not.)
> 
> If you cannot wait for several days, plese obtain these packages by hand,
> and apply them as follows:
>   # rpm -Uvh sepostgresql-8.3.4-2.1067.fc9.x86_64.rpm   \
>              postgresql-*8.3.4-1.fc9.x86_64.rpm         \
>              selinux-policy-*3.3.1-96.fc9.noarch.rpm
> 
> BTW, there are no actual problem to mix postgresql-server-8.3.3 and
> sepostgresql-8.3.4, because they has same major version number (8.3.x).
> However, specfile of RPM does not allow to write a dependency to a part
> of version number like "Requires: postgresql-server-8.3.*".
> If someone knows the way to describe it cool, please tell me.

Perhaps this?:

Requires: postgresql-server >= 8.3
Conflicts: postgresql-server >= 8.4

Paul.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.