[DSE-Dev] Sid SELinux packages are now working

Russell Coker russell at coker.com.au
Mon May 21 09:08:34 UTC 2007


On Wednesday 09 May 2007 10:34, Erich Schubert <erich at debian.org> wrote:
> >  SELinux policy modules and debian packages, which discovers the
> >  relationships between modules and orders the policy load correctly,  so
> >  that it can pull in any dependency as required.
>
> Yep, I'm generating them on compile time in my packages and storing them
> in an auxillary file. shipping another 1k file with the package felt
> nicer to me than computing it on install time.

That's fine as long as the dependencies don't change due to local 
modifications.

> >         I was thinking of looking at the module, and updating it if it
> >  was different -- whether or not the version changed. Yes, I am lazy.
> >         md5sum mismatch, refresh module.
>
> I don't think this is a good idea. If I have (for whatever reason) to
> modify a policy module, I'd like to be able to bump the version number a
> bit to avoid it from being updated. Like bumping it to 2.x; it will be
> some time until refpolicy uses 2.x version numbers and by then the
> policy module will be worthless anyway.

To have this work well we would need to have more formality in the version 
numbers than currently exists.

We need to determine which parts of the version can be changed by which people 
(upstream, distribution packaging, and local changes), and in what situations 
they change (incompatibility, security fixes, and general changes).

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development



More information about the SELinux-devel mailing list