diff --git a/ly.spec.rpkg b/ly.spec.rpkg
index 334ef86..ea32a9b 100644
--- a/ly.spec.rpkg
+++ b/ly.spec.rpkg
@@ -1,3 +1,8 @@
+%define relabel_files() \
+restorecon -R /usr/bin/ly; \
+
+%define selinux_policyver 3.14.6-34
+
Name: {{{ git_dir_name }}}
Version: {{{ git_dir_version }}}
Release: 1%{?dist}
@@ -37,6 +42,26 @@ DESTDIR="%{buildroot}" make install
chmod -x %{buildroot}/etc/ly/config.ini
chmod -x %{buildroot}/etc/ly/lang/*
+%post
+semodule -n -i %{_datadir}/selinux/packages/ly.pp
+if /usr/sbin/selinuxenabled ; then
+ /usr/sbin/load_policy
+ %relabel_files
+
+fi;
+exit 0
+
+%postun
+if [ $1 -eq 0 ]; then
+ semodule -n -r ly
+ if /usr/sbin/selinuxenabled ; then
+ /usr/sbin/load_policy
+ %relabel_files
+
+ fi;
+fi;
+exit 0
+
%files
/usr/bin/ly
/usr/lib/systemd/system/ly.service
@@ -50,6 +75,7 @@ chmod -x %{buildroot}/etc/ly/lang/*
/etc/ly/wsetup.sh
/etc/ly/config.ini
/etc/pam.d/ly
+/etc/selinux/packages/ly.pp
%changelog
{{{ git_dir_changelog }}}
diff --git a/makefile b/makefile
index eef31ad..8dfc145 100644
--- a/makefile
+++ b/makefile
@@ -92,6 +92,11 @@ installnoconf: $(BIND)/$(NAME)
@install -DZ $(RESD)/ly.service -m 644 -t ${DESTDIR}/usr/lib/systemd/system
@install -DZ $(RESD)/pam.d/ly -m 644 -t ${DESTDIR}/etc/pam.d
+makeselinux:
+ @echo "installing selinux modules"
+ @checkmodule -M -m -o ly.mod selinux/ly.te
+ @semodule_package -o ly.pp -m ly.mod
+
uninstall:
@echo "uninstalling"
@rm -rf ${DESTDIR}/etc/ly
diff --git a/selinux/ly.fc b/selinux/ly.fc
deleted file mode 100755
index 4a96a7b..0000000
--- a/selinux/ly.fc
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/ly -- gen_context(system_u:object_r:ly_exec_t,s0)
diff --git a/selinux/ly.if b/selinux/ly.if
deleted file mode 100755
index f546adc..0000000
--- a/selinux/ly.if
+++ /dev/null
@@ -1,40 +0,0 @@
-
-## policy for ly
-
-########################################
-##
-## Execute ly_exec_t in the ly domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`ly_domtrans',`
- gen_require(`
- type ly_t, ly_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, ly_exec_t, ly_t)
-')
-
-######################################
-##
-## Execute ly in the caller domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ly_exec',`
- gen_require(`
- type ly_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, ly_exec_t)
-')
diff --git a/selinux/ly.sh b/selinux/ly.sh
deleted file mode 100755
index dabb6f7..0000000
--- a/selinux/ly.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh -e
-
-DIRNAME=`dirname $0`
-cd $DIRNAME
-USAGE="$0 [ --update ]"
-if [ `id -u` != 0 ]; then
-echo 'You must be root to run this script'
-exit 1
-fi
-
-if [ $# -eq 1 ]; then
- if [ "$1" = "--update" ] ; then
- time=`ls -l --time-style="+%x %X" ly.te | awk '{ printf "%s %s", $6, $7 }'`
- rules=`ausearch --start $time -m avc --raw -se ly`
- if [ x"$rules" != "x" ] ; then
- echo "Found avc's to update policy with"
- echo -e "$rules" | audit2allow -R
- echo "Do you want these changes added to policy [y/n]?"
- read ANS
- if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
- echo "Updating policy"
- echo -e "$rules" | audit2allow -R >> ly.te
- # Fall though and rebuild policy
- else
- exit 0
- fi
- else
- echo "No new avcs found"
- exit 0
- fi
- else
- echo -e $USAGE
- exit 1
- fi
-elif [ $# -ge 2 ] ; then
- echo -e $USAGE
- exit 1
-fi
-
-echo "Building and Loading Policy"
-set -x
-make -f /usr/share/selinux/devel/Makefile ly.pp || exit
-/usr/sbin/semodule -i ly.pp
-
-# Generate a man page off the installed module
-sepolicy manpage -p . -d ly_t
-# Fixing the file context on /usr/bin/ly
-/sbin/restorecon -F -R -v /usr/bin/ly
-# Generate a rpm package for the newly generated policy
-
-pwd=$(pwd)
-rpmbuild --define "_sourcedir ${pwd}" --define "_specdir ${pwd}" --define "_builddir ${pwd}" --define "_srcrpmdir ${pwd}" --define "_rpmdir ${pwd}" --define "_buildrootdir ${pwd}/.build" -ba ly_selinux.spec
diff --git a/selinux/ly_selinux.spec b/selinux/ly_selinux.spec
deleted file mode 100755
index ee6cb98..0000000
--- a/selinux/ly_selinux.spec
+++ /dev/null
@@ -1,70 +0,0 @@
-# vim: sw=4:ts=4:et
-
-
-%define relabel_files() \
-restorecon -R /usr/bin/ly; \
-
-%define selinux_policyver 3.14.6-34
-
-Name: ly_selinux
-Version: 1.0
-Release: 1%{?dist}
-Summary: SELinux policy module for ly
-
-Group: System Environment/Base
-License: WTFPL
-# This is an example. You will need to change it.
-URL: https://github.com/nullgemm/ly
-Source0: ly.pp
-Source1: ly.if
-Source2: ly_selinux.8
-
-
-Requires: policycoreutils, libselinux-utils
-Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils
-Requires(postun): policycoreutils
-BuildArch: noarch
-
-%description
-This package installs and sets up the SELinux policy security module for ly.
-
-%install
-install -d %{buildroot}%{_datadir}/selinux/packages
-install -m 644 %{SOURCE0} %{buildroot}%{_datadir}/selinux/packages
-install -d %{buildroot}%{_datadir}/selinux/devel/include/contrib
-install -m 644 %{SOURCE1} %{buildroot}%{_datadir}/selinux/devel/include/contrib/
-install -d %{buildroot}%{_mandir}/man8/
-install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/ly_selinux.8
-install -d %{buildroot}/etc/selinux/targeted/contexts/users/
-
-
-%post
-semodule -n -i %{_datadir}/selinux/packages/ly.pp
-if /usr/sbin/selinuxenabled ; then
- /usr/sbin/load_policy
- %relabel_files
-
-fi;
-exit 0
-
-%postun
-if [ $1 -eq 0 ]; then
- semodule -n -r ly
- if /usr/sbin/selinuxenabled ; then
- /usr/sbin/load_policy
- %relabel_files
-
- fi;
-fi;
-exit 0
-
-%files
-%attr(0600,root,root) %{_datadir}/selinux/packages/ly.pp
-%{_datadir}/selinux/devel/include/contrib/ly.if
-%{_mandir}/man8/ly_selinux.8.*
-
-
-%changelog
-* Wed Feb 3 2021 YOUR NAME 1.0-1
-- Initial version
-