policy packages

Daniel J Walsh dwalsh at redhat.com
Wed May 12 15:13:47 UTC 2004 

Karl MacMillan wrote:

>>-----Original Message-----
>>    
>>
>>>Well, when I installed policy-strict-sources, it replaced the files
>>>from the policy-sources package. Surprise! I would have thought in
>>>would have installed them under
>>>/etc/security/selinux/src/policy-strict. I hope we will be able to
>>>have both (or more) policies sources installed at the same time.
>>>If I rename src/policy to src/policy-strict can I then reinstall
>>>policy-sources? what rpm options should I use?
>>>Thanks for the help
>>>Richard Hally
>>>      
>>>
>>Yes that was a mistake that it got out.  I am working on a new version
>>of the policy src rpm.  It will create 4 rpms.  policy and
>>policy-sources which will contain the targeted policy (relaxed) policy.
>>policy-strict and policy-strict-sources which will contain the strict
>>policy (The policy we currently ship).  This should be available in the
>>first rawhide versions of FC3.   Policy sources will install in
>>/etc/security/selinux/targeted/src/policy.  Strict policy sources will
>>install in /etc/security/selinux/strict/src/policy.
>>
>>    
>>
>
>Will there be any way to determine which policy is currently active? Also, I
>am concerned that the well known location for the policy source
>(/etc/security/selinux/src/policy/) will go away and break tools that expect
>it. All of our tools are configurable, of course, but this change will make
>it hard to provide good configuration defaults. What about making
>/etc/security/selinux/src/policy a symlink to the currently active policy?
>
>Karl
>
>Karl MacMillan
>Tresys Technology
>http://www.tresys.com
>(410)290-1411 ext 134
>
>  
>
>>Dan
>>
>>    
>>
>>>--
>>>fedora-selinux-list mailing list
>>>fedora-selinux-list at redhat.com
>>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>      
>>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>    
>>
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>
We could change a sym link.  We were thinking of using 
/etc/sysconfig/selinux to specify which policy is in use, and where the 
directories are.  Right now I am just trying to get the SRPM to build 
both policy groups.  The only tools that should be affected are those 
that deal with the src dir, which is the SEtools.

More information about the fedora-selinux-list mailing list