[DSE-Dev] Bug#805492: refpolicy: Fix the maintainer script to support the new policy store
Laurent Bigonville
bigon at debian.org
Sun Dec 6 09:03:45 UTC 2015
clone 805492 -1
retitle -1 refpolicy: Migrate existing store to new store format on upgrade
severity -1 wishlist
tag 805492 + help
thanks
Hi,
So I think we should split this in two issue:
1) make the maintainer script work and install the module in the new store
2) migrate the existing store, for this we could maybe just add
something in the release notes
For the 1st point, IMHO, the easiest would be to do like fedora and
install the modules directly in the /var/lib/selinux/<policy>/100 store
instead of copying/loading them at installation time. We could make it
clear that everything installed in the priority 100 is something the
package own that that could removed on upgrade. At installation time we
would just need to call semodule -B to build and reload the policy.
Any thoughts about installing stuffs like that directly in
/var/lib/selinux? Any other idea? Should we still install the .pp in
/usr/share/selinux if we are doing it like that?
Cheers,
Laurent Bigonville
More information about the SELinux-devel
mailing list