[DSE-Dev] How to package policy?
Manoj Srivastava
manoj.srivastava at stdc.com
Sun Sep 17 15:19:48 UTC 2006
On Sun, 12 Mar 2006 01:26:30 +0100, Erich Schubert <erich at debian.org> said:
Hi,
I know this is ancient email I am replying to.
> Hi Thomas,
>> #1: Select policy modules with debconf.
> I fear we might be hitting debconf limitations quite early when
> trying to make a nice UI.
Also, I think I like the module detection approach far better
than asking the user. We should be tailoring the policy to the
machine, and improving our policy module to package name mappings.
We dio need to yank the detect and map out of thepostinst, and
create a utility that can help with upgrades as well (or, really, any
time someone loads a new set of packages, to ensure that the relevant
policy for the new packages is also included).
>> #2: Change booleans via debconf.
> Sounds good to me.
This still needs to be done. Unfortunately, the booleans are
currently shipped as conffiles, so doing this right can be tricky. I
am not one who thinks that making users edit config filesis a horror
beyond words, so this is not high on the priority.
>> #3: Ship binary policy modules or only policy sources?
> Definitely ship precompiled modules, and policy source.
Done.
manoj
--
Whatever occurs from love is always beyond good and evil. Friedrich
Nietzsche
Manoj Srivastava <manoj.srivastava at stdc.com> <srivasta at acm.org>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
More information about the SELinux-devel
mailing list