| 1 |
On 16/04/17 14:31, Jason Zaman wrote: |
| 2 |
> On Thu, Apr 13, 2017 at 12:02:24PM +0100, Robert Sharp wrote: |
| 3 |
>> Is there a difference between policies that appear to be in core but |
| 4 |
>> also have their own ebuilds? For example: selinux-ddclient versus |
| 5 |
>> policy/modules/contrib/dnsmasq.* and selinux-ddclient versus |
| 6 |
>> policy/modules/contrib/ddclient. I need to change both but when I tried |
| 7 |
>> to change dnsmasq it started complaining bitterly about binding to |
| 8 |
>> random ports, which is what dnsmasq does. |
| 9 |
> Not sure i follow exactly what you're asking but lemme give a quick |
| 10 |
> overview and see if it helps. |
| 11 |
> |
| 12 |
> |
| 13 |
> just because these things are not sec-policy/selinux-base{,-policy} |
| 14 |
> doesnt mean they all come from the /contrib/ dir inside the repo, there |
| 15 |
> are several things that are outside cthats not a requirement or |
| 16 |
> anything. eg: selinux-xserver's files are from |
| 17 |
> services/xserver.{te,if,fc} |
| 18 |
> |
| 19 |
> |
| 20 |
> Hope this makes some of the magic a little clearer, |
| 21 |
> -- Jason |
| 22 |
> |
| 23 |
Thanks for your explanation. I think I understand. The git repository |
| 24 |
contains all of the files and the ebuilds pull in different modules? So |
| 25 |
if I want to change dnsmasq (so that it can talk to unbound on 553) I |
| 26 |
can just copy the .te/.if/.fc files from the git repository and change |
| 27 |
them (I have already defined the port in a cil file)? |
| 28 |
|
| 29 |
I just tested this by making the dnsmasq module locally and comparing it |
| 30 |
to the /usr/share/selinux/strict one and it is the same. So now I can be |
| 31 |
confident that any changes I make will be the sole source of any |
| 32 |
problems that might follow! |
| 33 |
|
| 34 |
Fingers crossed and many thanks again for explaining that. |
| 35 |
|
| 36 |
Robert |
Archives