[DSE-Dev] Re: openssh packages with updated selinux patch
Manoj Srivastava
srivasta at debian.org
Tue Oct 24 21:18:39 UTC 2006
On Tue, 24 Oct 2006 13:42:42 +0200, Frans Pop <elendil at planet.nl> said:
> AFAICT the argument is that selinux should not be hard linked at
> all. Having openssh require selinux libs is unwanted overhead for
> the installer.
Well, since openssh already links with libselinux, my patch is
not a regression.
> A solution should be found so that selinux will only be used if it
> is available _at runtime_, as was already done for some other libs
> that also produce udebs.
> See for comparison:
> http://bugs.debian.org/318115
> http://bugs.debian.org/375413
> Alternatively the udebs could be compiled separately without selinux
> support.
Either of these would be fine (though looking at the size of
libselinux1, I wonder if there are any numbers behind the burden
theory?), but that would be a more intrusive change for openssh than
I am willing to make as a non-maintainer at this stage of the game.
At this point, openssh links with libselinux1 where
available. The code in openssh that exercises this library is out of
date; I am merely bringing it up to be compatible with the SELinux
infrastructure we will be shipping in Etch.
I am not _adding_ selinux code to openssh; I am _updating_
code that already exists.
manoj
--
There's a fine line between courage and foolishness. Too bad it's not
a fence.
Manoj Srivastava <srivasta at debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
More information about the SELinux-devel
mailing list