RE: policy packages
-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Saturday, May 15, 2004 4:17 PM
To: Karl MacMillan
Cc: Fedora SELinux support list for users & developers.; Daniel J Walsh
Subject: Re: policy packages
On Sun, 16 May 2004 03:41, "Karl MacMillan" <kmacmillan(a)tresys.com>
wrote:
> > I think we should use /etc/selinux as the sym-link to the policy
> > source. /etc/security/selinux/src is too much typing when you do any
> > serious policy work.
>
> I am not against adding the symlink if /etc/security/selinux/src/policy
> remains. Breaking that compatibility will be a problem for us and
others
> at least in the short term and, if other distributions don't adopt the
> change, a problem in the long term. All of our tools are easily
If /etc/selinux is used then it's best for compatibility for everyone.
Debian has been using /usr/share/selinux/policy/current since Howard
suggested
it:
http://marc.theaimsgroup.com/?l=selinux&m=101864307520785&w=2
Gentoo apparently uses /etc/security/selinux/src/policy. It seems that if
you
want to have cross-distribution compatibility then a /etc/selinux sym-link
is
the best possibility.
That is my goal, and I am glad that you mentioned that there are already
problems with this. It seems like we still haven't solved the problem,
though. I was after a consistent location for the currently active source
and linking /etc/selinux /etc/security/selinux doesn't address this. I
suggest that wherever the top of the selinux files is, the current policy
should be in src/policy. That way /etc/selinux/src/policy would be the
current policy source in your suggestion and the binary modules can then be
/etc/selinux/modules.
Karl
Karl MacMillan
Tresys Technology
http://www.tresys.com
(410)290-1411 ext 134
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page