Description of problem:
rpmlint does not know about some SE Linux related problems that could exist in scriptlets. For example, using chcon and runcon requires knowing a policy type - which could change on a policy upgrade and completely break the scriptlet. I will attach a patch that detects encoded policy knowledge in scriptlets.

Version-Release number of selected component (if applicable):
rpmlint-0.78
Created attachment 140668: Patch addressing the issues listed above
Thanks. Could you submit a message that would be displayed when rpmlint is run with -i/-I? Ideally, the message should describe what's wrong and what to do about it. I'm thinking about something like this, but I'm not knowledgeable enough about SELinux to write the "what to do about it" part:

A command which may require intimate knowledge about specific SELinux policy types which are subject to change in future policies was found in the scriptlet. [Fill here what the packager should do about it.]
Sure, here's the text slightly modified from above:

A command which requires intimate knowledge about a specific SELinux policy type was found in the scriptlet. These types are subject to change on a policy version upgrade. The packager should use the restorecon command which queries the currently loaded policy for the correct type.
Applied upstream with further minor tweaks as http://rpmlint.zarb.org/cgi-bin/trac.cgi/changeset/1293, will be in the next rpmlint release. Thanks!
Done in upcoming 0.79-1.
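The check discussed in this report, as an added Python example (not the attached patch and not rpmlint's own code): it flags chcon and runcon only where they appear in command position in a scriptlet, so comments, quoted arguments and restorecon are not reported. The function names and the sample %post scriptlet are constructed for illustration.

```python
import os
import re
import shlex

# Commands named in the report: both take an explicit SELinux type/context.
POLICY_COMMANDS = {"chcon", "runcon"}
# Shell words after which the next word is again in command position.
KEYWORDS = {"if", "then", "else", "elif", "do", "while", "until", "!", "{"}
ASSIGNMENT = re.compile(r"[A-Za-z_]\w*=")  # VAR=value prefix before a command


def _tokens(line):
    """Split one scriptlet line into shell words, dropping # comments."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        return list(lexer)
    except ValueError:  # unbalanced quote or trailing backslash on this line
        return line.split("#", 1)[0].split()


def find_policy_commands(scriptlet):
    """Return (line_number, command) for each chcon/runcon invocation."""
    hits = []
    for number, line in enumerate(scriptlet.splitlines(), start=1):
        command_position = True
        for token in _tokens(line):
            if token and set(token) <= set(";|&("):
                command_position = True  # ;  &&  ||  |  ( start a new command
            elif command_position:
                if token in KEYWORDS or ASSIGNMENT.match(token):
                    continue  # still waiting for the command word
                name = os.path.basename(token)  # /usr/bin/chcon -> chcon
                if name in POLICY_COMMANDS:
                    hits.append((number, name))
                command_position = False
    return hits


# Constructed sample %post scriptlet (not taken from a real package).
SAMPLE_POST = """\
# chcon in a comment is not a command
/sbin/ldconfig
chcon -t httpd_sys_content_t /var/www/app || :
if [ -x /usr/sbin/selinuxenabled ]; then /usr/bin/runcon -t initrc_t /usr/bin/app-init; fi
echo "chcon mentioned as an argument only"
/sbin/restorecon -R /var/www/app
"""

if __name__ == "__main__":
    for number, name in find_policy_commands(SAMPLE_POST):
        print(f"line {number}: {name} hard-codes an SELinux type; prefer restorecon")
```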