policy packages

Karl MacMillan kmacmillan at tresys.com
Tue May 18 21:01:04 UTC 2004 

> -----Original Message-----
> From: Russell Coker [mailto:russell at coker.com.au]
> Sent: Saturday, May 15, 2004 4:17 PM
> To: Karl MacMillan
> Cc: Fedora SELinux support list for users & developers.; Daniel J Walsh
> Subject: Re: policy packages
> 
> On Sun, 16 May 2004 03:41, "Karl MacMillan" <kmacmillan at tresys.com> wrote:
> > > I think we should use /etc/selinux as the sym-link to the policy
> > > source.  /etc/security/selinux/src is too much typing when you do any
> > > serious policy work.
> >
> > I am not against adding the symlink if /etc/security/selinux/src/policy
> > remains. Breaking that compatibility will be a  problem for us and
> others
> > at least in the short term and, if other distributions don't adopt the
> > change, a problem in the long term. All of our tools are easily
> 
> If /etc/selinux is used then it's best for compatibility for everyone.
> 
> Debian has been using /usr/share/selinux/policy/current since Howard
> suggested
> it:
> http://marc.theaimsgroup.com/?l=selinux&m=101864307520785&w=2
> 
> Gentoo apparently uses /etc/security/selinux/src/policy.  It seems that if
> you
> want to have cross-distribution compatibility then a /etc/selinux sym-link
> is
> the best possibility.

That is my goal, and I am glad that you mentioned that there are already
problems with this. It seems like we still haven't solved the problem,
though. I was after a consistent location for the currently active source
and linking /etc/selinux /etc/security/selinux doesn't address this. I
suggest that wherever the top of the selinux files is, the current policy
should be in src/policy. That way /etc/selinux/src/policy would be the
current policy source in your suggestion and the binary modules can then be
/etc/selinux/modules.

Karl


Karl MacMillan
Tresys Technology
http://www.tresys.com
(410)290-1411 ext 134

> 
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

More information about the fedora-selinux-list mailing list