[DSE-Dev] Re: Sid SELinux packages are now working

Erich Schubert erich at debian.org
Tue May 8 22:09:12 UTC 2007


Hello Manoj,
>         I think we need to create a tool that can update your policy
>  setup, taking into account any new packages you might have installed in
>  the meanwhile and loading new modules as needed.  This is the first

Like the "update-selinux-policy" command in my packages does?
http://svn.debian.org/wsvn/selinux/refpolicy/branches/debian-pkg/debian/utils/update-selinux-policy

>         An initial approach would be to have this utility be given a
>  package name on the command line, and it will see if there is a
>  corresponding selinux modular policy module, and install the policy or
>  update it as needed (if selinux is enabled, of course).  If the module
>  is already installed, it should do nothing.

Actually it might also make sense to update the modules with the latest
version in the same run. What my script doesn't do yet is check version
numbers. It will just re-run the autodetection and install any module
that was already installed or that was automatically detected.
So you can't 'blacklist' a policy module, and if you replaced it with a
modified custom one, it will also be replaced.
Local modifications in separate modules will of course be kept.

best regards,
Erich Schubert
-- 
    erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
   To understand recursion you first need to understand recursion.   //\
              Thinking is often harder than one thinks.              V_/_
