policy packages

Karl MacMillan kmacmillan at tresys.com
Thu May 13 15:47:30 UTC 2004 

> >> Will there be any way to determine which policy is currently active?
> >> Also, I
> >> am concerned that the well known location for the policy source
> >> (/etc/security/selinux/src/policy/) will go away and break tools that
> >> expect
> >> it. All of our tools are configurable, of course, but this change will
> >> make
> >> it hard to provide good configuration defaults. What about making
> >> /etc/security/selinux/src/policy a symlink to the currently active
> >> policy?
> >>
> >> Karl
> >>
> >>
> > We could change a sym link.  We were thinking of using
> > /etc/sysconfig/selinux to specify which policy is in use, and where the
> > directories are.  Right now I am just trying to get the SRPM to build
> > both policy groups.  The only tools that should be affected are those
> > that deal with the src dir, which is the SEtools.
> > --
> Perhaps if you consider Karl as the upstream developer for setools and
> remember that these tools are intended to work on other distributions as
> well, it would be appropriate to not use /etc/sysconfig/selinux.
> Also, consider current practice where /etc/security/selinux/src is the
> location for the policysources thus selinux/src should contain
> /src/policy-x, policy-y and policy-z with /src/policy a link to any one
>   of the policy-n directories as Karl suggested.
> Using /selinux/targeted/src  and /selinux/foo/src and
> /selinux/whatever/src to contain different instances of source seems
> backward to me. (IMHO) :)

I agree with this - we need to be able to support as many distributions as
possible and the /etc/security/selinux/src/policy directory has been used
for many years as the default location for the source to the current policy
(making it an easy way for us to provide that support). I think that this
would be worthwhile to retain through symlinks. Additionally, I think it
would be better for the strict, targeted, etc sources to remain under src as
Richard suggested. When binary modules are added in
/etc/security/selinux/modules it will be clearer if all of the source is
under /etc/security/selinux/src.

Karl

Karl MacMillan
Tresys Technology
http://www.tresys.com
(410)290-1411 ext 134

> Thanks,
> Richard Hally
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list