Hi,

There was a problem with how our refpolicy packages were put together -- modules that were included in base were still built and shipped in /usr/share/selinux/$policy_name/*.pp; but they could not be installed, since there was a conflict -- they had already been installed by base.pp.

I fixed that, and with today's Sid packages, I can install either the targeted or the strict policy, either in a minimal UML, or on my development machine.

I think we need to create a tool that can update your policy setup, taking into account any new packages you might have installed in the meanwhile and loading new modules as needed. This is the first step towards having an installation of a package automatically loading the corresponding policy in the pre-inst phase.

An initial approach would be to have this utility be given a package name on the command line, and it will see if there is a corresponding selinux modular policy module, and install the policy or update it as needed (if selinux is enabled, of course). If the module is already installed, it should do nothing.

This way, developers can put in "update_selinux_modules $pkg" in the preinst, without having to wait for a release when we can use dpkg triggers.

manoj
--
General notions are generally wrong. Lady M.W. Montagu
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
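A sketch of the helper proposed in the message above, added here as an example; it is not code from the author or from the Debian refpolicy packages. It assumes the module for a package is shipped as `<package>.pp` under /usr/share/selinux/$policy_name/, covers only the install-or-do-nothing decision (not version-based updates), and the function name `plan_module_action` is hypothetical.

```shell
#!/bin/sh
# Added sketch of the proposed helper; not code from the refpolicy packages.
# Assumption: the policy module for package "foo" is shipped as foo.pp.

# Decide what to do for one package, without touching the system.
#   $1 package name        $2 directory holding the shipped *.pp files
#   $3 file containing `semodule -l` output   $4 "1" if SELinux is enabled
# Prints one of: disabled | no-module | already-installed | install
plan_module_action() {
    pkg=$1; dir=$2; listing=$3; enabled=$4
    [ "$enabled" = 1 ] || { echo disabled; return 0; }
    # Refuse names that could point outside the policy directory.
    case $pkg in
        ''|*/*|.*) echo no-module; return 0 ;;
    esac
    [ -f "$dir/$pkg.pp" ] || { echo no-module; return 0; }
    # The module name is the first field of each listing line; a version
    # column may or may not follow, depending on the semodule release.
    if awk -v m="$pkg" '$1 == m { found = 1 } END { exit !found }' "$listing"
    then echo already-installed
    else echo install
    fi
}

# Wrapper a preinst could call: gathers the real system state, then acts.
update_selinux_modules() {
    pkg=$1
    # Policy name (targeted, strict, ...) from the system configuration.
    policy=$(sed -n 's/^SELINUXTYPE=[[:space:]]*//p' /etc/selinux/config 2>/dev/null)
    dir=/usr/share/selinux/$policy
    enabled=0
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        enabled=1
    fi
    listing=$(mktemp) || return 1
    if [ "$enabled" = 1 ]; then semodule -l >"$listing" 2>/dev/null; fi
    action=$(plan_module_action "$pkg" "$dir" "$listing" "$enabled")
    rm -f "$listing"
    # Only load a module that is shipped and not yet in the policy store.
    if [ "$action" = install ]; then semodule -i "$dir/$pkg.pp"; fi
}
```

Keeping the decision in a function that only reads its arguments lets it be checked against a saved module listing before the wrapper is allowed to call `semodule` from a maintainer script.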