On Mon, 2007-01-08 at 15:49 -0500, Daniel J Walsh wrote:
Richard Fearn wrote:
> Hello,
>
> Due to an SELinux bug I reported in August, I've been tyring to
> understand the selinux-policy packages to see how they're built. I
> understand the principle of taking the upstream refpolicy, modifying
> it and building the Fedora-specific packages. However, I'm struggling
> to see where the refpolicy is coming from.
>
> For example, as I write this, the latest FC6 selinux-policy package
> pushed to the repositories is 2.4.6-1. According to the "sources" file
> in CVS, this package is built using serefpolicy-2.4.6.tgz. If I get
> serefpolicy-2.4.6.tgz from the lookaside repository then the VERSION
> file in it says 20061018. However, the contents of
> serefpolicy-2.4.6.tgz differ a great deal from the "official" 20061018
> version of the reference policy from Tresys.
>
> I could understand it if the Fedora selinux-policy packages were
> directly based on the 20061018 version of the refpolicy from Tresys,
> but there seems to be an intermediate stage of development that
> produces the serefpolicy-2.x.x.tgz files in the lookaside repository.
>
> My question is: is there a CVS repository somewhere for a "Fedora
> reference policy", that is used to build all these serefpolicy files?
>
The numbering is being done by me. I am just taking CVS dumps off of
tresys policy and applying patches. When I update to the latest policy
from Tresys. I build my own policy tarball off of the current cvs/svn
version and apply my patch. Treysys at some later time releases a
version with the date you have. So it is difficult to match up my
release with what tresys is releasing.
Hmmm...possibly you could save the svn revision number from their svn
tree, either as a file in the tarball or as part of the package version
or release number, so that one could easily find the specific svn
revision it matches?
--
Stephen Smalley
National Security Agency