1 |
On 16/04/17 14:31, Jason Zaman wrote: |
2 |
> On Thu, Apr 13, 2017 at 12:02:24PM +0100, Robert Sharp wrote: |
3 |
>> Is there a difference between policies that appear to be in core but |
4 |
>> also have their own ebuilds? For example: selinux-ddclient versus |
5 |
>> policy/modules/contrib/dnsmasq.* and selinux-ddclient versus |
6 |
>> policy/modules/contrib/ddclient. I need to change both but when I tried |
7 |
>> to change dnsmasq it started complaining bitterly about binding to |
8 |
>> random ports, which is what dnsmasq does. |
9 |
> Not sure i follow exactly what you're asking but lemme give a quick |
10 |
> overview and see if it helps. |
11 |
> |
12 |
> |
13 |
> just because these things are not sec-policy/selinux-base{,-policy} |
14 |
> doesnt mean they all come from the /contrib/ dir inside the repo, there |
15 |
> are several things that are outside cthats not a requirement or |
16 |
> anything. eg: selinux-xserver's files are from |
17 |
> services/xserver.{te,if,fc} |
18 |
> |
19 |
> |
20 |
> Hope this makes some of the magic a little clearer, |
21 |
> -- Jason |
22 |
> |
23 |
Thanks for your explanation. I think I understand. The git repository |
24 |
contains all of the files and the ebuilds pull in different modules? So |
25 |
if I want to change dnsmasq (so that it can talk to unbound on 553) I |
26 |
can just copy the .te/.if/.fc files from the git repository and change |
27 |
them (I have already defined the port in a cil file)? |
28 |
|
29 |
I just tested this by making the dnsmasq module locally and comparing it |
30 |
to the /usr/share/selinux/strict one and it is the same. So now I can be |
31 |
confident that any changes I make will be the sole source of any |
32 |
problems that might follow! |
33 |
|
34 |
Fingers crossed and many thanks again for explaining that. |
35 |
|
36 |
Robert |