Supporting multiple OS releases
Stephen Smalley
sds at tycho.nsa.gov
Wed Jul 1 13:18:38 UTC 2009
On Tue, 2009-06-30 at 21:46 -0400, Eric Paris wrote:
> On Tue, 2009-06-30 at 17:28 -0400, Daniel J Walsh wrote:
>
> > RIght I think you would need to build on F9 for support on F11 not the
> > other way around. Just like you would do with shared libraries. You
> > would not expect an c executable built on F11 to run on F9?
>
> I think he wants a single code base which can be built on F9 or F11. I
> might not expect that C to run, but I'd expect the same source could be
> compiled on either.
>
> We aren't providing enough information for his policy to know which
> interface it should be using, not sure how to solve the problem, but
> obviously Rob want a way to use the new interface if it is there and to
> use the old interface if it is not.....
In the case of the ltp selinux test policy, which has a similar
challenge with changing refpolicy interfaces (as well as kernel changes,
e.g. introduction and enabling of open perm), I finally had to just fork
a copy of the test policy in a subdirectory for RHEL5, while continuing
to track the latest Fedora in the main directory. The Makefile then
selects what policy to build automatically.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list