[DSE-Dev] Again about managing CIL modules in Debian
Victor Porton
porton at narod.ru
Tue Jun 3 10:11:41 UTC 2014
03.06.2014, 12:07, "Mika Pflüger" <mika at mikapflueger.de>:
[skip]
> I think the general policy regarding CIL modules should be solved
> upstream (i.e. by the secilc developers; you could propose them your
> policy), so that we have a common policy for all linux distributions and
> can benefit from each other's work. As long as such an upstream policy
> does not exist, it would be premature for debian to ship an own
> framework in /usr/(s)bin . I think we should put some example scripts
> for system administrators into /usr/share/doc/secilc/examples and
> explain them in /usr/share/doc/secilc/README.Debian , but we do not
> need to define our own CIL module policy.
> So to sum up my proposal:
> * Put CIL module installation scripts and documentation
> into /usr/share/doc/secilc/examples for the time being. I think your
> proposed scripts look good for that.
> * Work with secilc upstream, possibly refpolicy upstream and other
> distributions (mainly fedora and gentoo) on a policy for CIL modules.
> * As soon as we have an upstream CIL module policy, ship CIL module
> installation and support programs/scripts in /usr/(s)bin .
There is no mailing list upstream.
--
Victor Porton - http://portonvictor.org
More information about the SELinux-devel
mailing list