On Tue, 19 Feb 2008 08:51:17 +0100, Václav Ovsík <[EMAIL PROTECTED]> said:
> Maybe we should test the policy first even without packaging. Changes
> can be pushed upstream before packaging the latest reference policy.

Well, the policy in Sid is now the SVN HEAD.

> Latest refpolicy is already merge of targeted & strict versions. The
> behavior of the strict or the targeted policy versions can be achieved
> by inserting/excluding "unconfined" module now AFAIK.

Which begs the question: Should we drop the "strict" and "targeted"
policies, and just ship refpolicy?

> If not this case, the SELinux module loading script (currently written
> into postinst script of policy) should be moved to some utility
> update-selinux-policy-something. Maybe even there should be some
> config file (and interface) for system administrator, so it can force
> loading some module, blacklist it or left it in default preference
> (automatic loading). Some APT hook should automatically load/remove
> SELinux policy packages according to configuration when counterpart
> Debian packages will be installed/removed.

Sounds like a plan.

> Ok, I setup another Debian Sid XEN domU with latest SELinux packages
> and the targeted policy from Debian archive. Hmm, I can't run semanage
> (#465053), so I can't test this now. At first, we need a newer or
> patched PAM package (#451722).

The semanage issue should now be fixed; and we need to get the pam bug
fixed.

> I'm going to play with the latest reference policy and to send mails
> through [EMAIL PROTECTED] and
> [EMAIL PROTECTED] There is a very low traffic on the
> selinux-devel list and I hope, that people on [EMAIL PROTECTED]
> will fix my ideas how to the Debian-specific changes. :)

Well, you could always file wishlist bugs on Debian packages, you know.

manoj
-- 
Are the STEWED PRUNES still in the HAIR DRYER?
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C