On Tue, 2006-05-09 at 18:07 -0400, Valdis.Kletnieks(a)vt.edu wrote:
Am looking at selinux-policy-2.2.38-1.src.rpm. Does anybody know
why there isn't a %build section in the .SPEC file? I was *hoping*
to do a 'rpmbuild -bc' to assist in debugging an outstanding problem
I'm having with strict policy, but apparently all the building gets
done in the %install. Blech.
1) strict policy is known to be broken simply due to the current
brokenness of optionals-in-base support in checkpolicy/libsepol.
Patches are coming soon. It isn't really strict policy per se, but
fully modularized policy where the base has to contain optional sections
that need to be dynamically enabled at link time.
2) At present, you can build a working copy of a given policy build tree
rpmbuild -bb --define "BUILD_xxx 0" --define "BUILD_yyy 0"
where xxx and yyy are MLS, STRICT, or TARGETED, and you are disabling
the ones you don't want. e.g. to build a working copy of a build tree
for just strict, you'd use:
rpmbuild -bb --define "BUILD_MLS 0" --define "BUILD_TARGETED 0"
This tries to build a binary package, of course, but leaves the build
tree intact so that you can then go use it.
We do need a cleaner way of doing this, or at least for it to be
documented in the FAQ.
National Security Agency