Supporting multiple OS releases

Stephen Smalley sds at tycho.nsa.gov
Wed Jul 1 14:52:43 UTC 2009


On Wed, 2009-07-01 at 09:18 -0400, Stephen Smalley wrote:
> On Tue, 2009-06-30 at 21:46 -0400, Eric Paris wrote:
> > On Tue, 2009-06-30 at 17:28 -0400, Daniel J Walsh wrote:
> > 
> > > Right I think you would need to build on F9 for support on F11 not the
> > > other way around.  Just like you would do with shared libraries.  You
> > > would not expect a C executable built on F11 to run on F9?
> > 
> > I think he wants a single code base which can be built on F9 or F11.  I
> > might not expect that C to run, but I'd expect the same source could be
> > compiled on either.
> > 
> > We aren't providing enough information for his policy to know which
> > interface it should be using, not sure how to solve the problem, but
> > obviously Rob wants a way to use the new interface if it is there and to
> > use the old interface if it is not.....
> 
> In the case of the ltp selinux test policy, which has a similar
> challenge with changing refpolicy interfaces (as well as kernel changes,
> e.g. introduction and enabling of open perm), I finally had to just fork
> a copy of the test policy in a subdirectory for RHEL5, while continuing
> to track the latest Fedora in the main directory.  The Makefile then
> selects what policy to build automatically.

I do however enable the main copy of the test policy to build on
multiple Fedora releases through use of ifdefs, à la:

# If the base policy defines userdom_search_generic_user_home_dirs
# then no action required; else define it to 
# userdom_search_user_home_dirs.
ifdef(`userdom_search_generic_user_home_dirs', `', ` dnl
interface(`userdom_search_generic_user_home_dirs', `
    userdom_search_user_home_dirs($1)
')
')

-- 
Stephen Smalley
National Security Agency
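
Added example (not part of the message above and not code from the LTP test policy): a shell script that feeds the ifdef shim through m4 against two constructed base policies, showing that the same call expands to an allow rule on both, and what happens without the shim. The one-line interface() stand-in, the interface bodies and test_t are assumptions made up for the demonstration; real refpolicy supplies its own definitions.

```shell
#!/bin/sh
# Constructed demo: interface() below is a minimal stand-in for refpolicy's
# macro, and the interface bodies and test_t are made up for illustration.

# expand BASE SHIM -> whitespace-squeezed m4 expansion of one policy call.
#   BASE=generic: base policy defines userdom_search_generic_user_home_dirs
#   BASE=plain:   base policy defines only userdom_search_user_home_dirs
#   SHIM=yes|no:  include the ifdef compatibility shim from the message
expand() {
    {
        cat <<'EOF'
define(`interface', `define(`$1', `$2')')dnl
EOF
        if [ "$1" = generic ]; then
            cat <<'EOF'
interface(`userdom_search_generic_user_home_dirs', `allow $1 user_home_dir_t:dir search;')dnl
EOF
        else
            cat <<'EOF'
interface(`userdom_search_user_home_dirs', `allow $1 user_home_dir_t:dir search;')dnl
EOF
        fi
        if [ "$2" = yes ]; then
            cat <<'EOF'
ifdef(`userdom_search_generic_user_home_dirs', `', ` dnl
interface(`userdom_search_generic_user_home_dirs', `
    userdom_search_user_home_dirs($1)
')
')dnl
EOF
        fi
        # The test policy always calls the "generic" name.
        echo 'userdom_search_generic_user_home_dirs(test_t)'
    } | m4 | tr -s ' \n' '  '
}

# Without the shim on the "plain" base, m4 leaves the call unexpanded, so
# the policy compiler would see a bare macro name instead of an allow rule.
for base in generic plain; do
    for shim in yes no; do
        printf '%-8s shim=%-3s ->%s\n' "$base" "$shim" " $(expand "$base" "$shim")"
    done
done
```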




More information about the fedora-selinux-list mailing list