[DSE-Dev] Proper way to distribute a new policy

[Antonio Russo]

Hello,

I'm working on packaging the FindMyDevice server [1].  I eventually want to
get it included in Debian proper, so I would like to make sure its packaging
is clean.  But I am also currently using it, so it also needs to be functional.

My question is about adding SELinux policies.  Starting from sepolicy generate,
I have a selinux policy module that (tentatively) works in enforcing mode.

**How should I distribute this policy module?**

For instance, is there a debhelper script that just magically takes the module
and handles it for me?  Something equivalent to dh-apparmor, but for selinux?
The project is niche, so I kind of doubt that upstream would accept it.  But
even if they did, I'd like to be able to iterate faster (i.e., suppose upstream
changes, and the policy needs to be adjusted quickly).  This might not apply
so much for findmydevice, but might for other things I'm working on.

Best,
Antonio


[1] https://gitlab.com/Nulide/findmydeviceserver
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x72DB026E04C1C768.asc
Type: application/pgp-keys
Size: 7680 bytes
Desc: OpenPGP public key
URL: <http://alioth-lists.debian.net/pipermail/selinux-devel/attachments/20250118/2f64b4f0/attachment.asc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/selinux-devel/attachments/20250118/2f64b4f0/attachment.sig>